On Sun, Jun 15, 2008 at 08:42:38PM +0200, Andreas Maus wrote:
> Hi.
>
> While configuring named on my sweet new Soekris 5501 I discovered
> a little *uhm* misconfiguration (I would not call it a bug).
>
> By default the permissions of /var/named/master are set to 0755
> and owned by root:wheel. named runs in the chroot /var/named
> with the user named, group named.

It's reasonable to me: named doesn't need to modify master zones, so
don't let it do that. Principle of the least privilege.

<snip>

> Simple fix:
>
> chown named /var/named/master

Simpler fix: put dynamically updated zones in slave, which I have done
for years.

--
Jussi Peltola
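
An added example, not part of the original message or of any poster's configuration: a named.conf fragment showing the layout the reply describes, with a static zone kept in the root-owned master directory and a dynamically updated zone kept in slave. The zone names, file names, key name and secret are constructed placeholders, and it assumes the slave directory is writable by the named user, as the reply implies.

```conf
// Constructed example; zone names, file names and key name are assumptions.
// File paths are relative to named's working directory inside the chroot
// (assumed to be the directory that contains master/ and slave/).

key "ddns-key" {
        algorithm hmac-sha256;
        secret "PLACEHOLDER-BASE64-SECRET";   // placeholder, not a real key
};

// Static zone: edited by the administrator only. It lives in master/,
// which is root:wheel 0755, so the named user can read the zone file
// but cannot rewrite it or create files beside it.
zone "example.org" {
        type master;
        file "master/example.org";
};

// Dynamically updated zone: named has to rewrite the zone file and
// create its .jnl journal next to it, so the file goes in slave/,
// the directory the named user may write to (assumption, see above).
zone "dyn.example.org" {
        type master;
        file "slave/dyn.example.org";
        allow-update { key "ddns-key"; };
};
```

With this layout master/ stays unwritable to the daemon, so a compromised named process cannot alter the static zones.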

