On Sun, 9 Feb 2003 21:12, Jeffrey Taylor wrote:
> It has been possible since BIND 8.x to run it non-root. I did it on
> my main machine (non-Debian). It took a little fiddling with
> permissions and ownership so it could read & write the configuration
> and zone files. Figure an hour to get it to work. I should invest
> another hour to improve the solution. I now think it can be done more
> securely.

I've been running BIND non-root for many years, I think I even had 4.x running non-root. I used the authbind package to allow binding to port 53 as non-root and needed a few modifications to /etc/init.d/bind and some permissions of some files. It wasn't too difficult. Bind9 manages its own security by dropping capabilities and does not work with authbind.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page