Re: named / BIND 9.4.1-P1 /etc/named/master ownership



Gelsema, P (Patrick) - FreeBSD wrote:
In /etc/rc.conf I got the following.
hulk# cat /etc/rc.conf | grep named
named_enable="YES"
named_uid="bind"
named_chrootdir="/var/named"

grep named /etc/defaults/rc.conf
# named. It may be possible to run named in a sandbox, man security for
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # path to named, if you want a different one.
#named_flags="" # Flags for named
named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
named_uid="bind" # User to run named as
named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it)
named_chroot_autoupdate="YES" # Automatically install/update chrooted
# components of named. See /etc/rc.d/named.
named_symlink_enable="YES" # Symlink the chrooted pid file


As you can see, your named_uid and named_chrootdir are not needed; that
is the default.

The thing causing your issue is named_chroot_autoupdate="YES" (the
default), and it is correct to do so; you should not be changing these
without very good reason.

--
------------------------------------------------------------------------
Philip M. Gollucci (philip@xxxxxxxxxxxxxx)
o:703.549.2050x206
Senior System Admin - Riderway, Inc.
http://riderway.com / http://ridecharge.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
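
Added example, not part of the original message: a shell sketch of the comparison made in the reply above, listing which named_* lines in rc.conf only repeat /etc/defaults/rc.conf and showing the effective value of named_chroot_autoupdate. The function names and the sample files are assumptions constructed from the values quoted in this thread.

```shell
#!/bin/sh
# Added example: compare named_* overrides in rc.conf against the defaults.
# Sample files are constructed from the values quoted in this thread.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/defaults.rc.conf" <<'EOF'
named_enable="NO"                   # Run named, the DNS server (or NO).
named_program="/usr/sbin/named"
#named_flags=""                     # Flags for named
named_pidfile="/var/run/named/pid"
named_uid="bind"                    # User to run named as
named_chrootdir="/var/named"
named_chroot_autoupdate="YES"
named_symlink_enable="YES"
EOF
cat > "$SAMPLE_DIR/rc.conf" <<'EOF'
named_enable="YES"
named_uid="bind"
named_chrootdir="/var/named"
EOF

# Value of variable $2 after sourcing rc-style file $1 in a subshell.
rc_value() {
    ( . "$1" >/dev/null 2>&1; eval "printf '%s' \"\${$2-}\"" )
}

# Value of $3 with the defaults ($2) loaded first and rc.conf ($1) on top.
effective_value() {
    ( . "$2"; . "$1"; eval "printf '%s' \"\${$3-}\"" )
}

# List named_* variables in rc.conf ($1) that only repeat the default ($2).
redundant_overrides() {
    conf=$1
    defaults=$2
    sed -n 's/^\(named_[A-Za-z0-9_]*\)=.*/\1/p' "$conf" | sort -u |
    while read -r var; do
        if [ "$(rc_value "$conf" "$var")" = "$(rc_value "$defaults" "$var")" ]; then
            echo "$var"
        fi
    done
}

echo "Redundant overrides in rc.conf:"
redundant_overrides "$SAMPLE_DIR/rc.conf" "$SAMPLE_DIR/defaults.rc.conf"
echo "named_chroot_autoupdate=$(effective_value "$SAMPLE_DIR/rc.conf" \
    "$SAMPLE_DIR/defaults.rc.conf" named_chroot_autoupdate)"
```

On a real host, pass /etc/rc.conf and /etc/defaults/rc.conf instead of the sample files.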
