Next: FTP
Up: Specific Software
Previous: Apache
BIND doesn't have a great security record, and worse, it runs as root by
default on most systems (newer RedHat distributions may have fixed this), so
a remote hole in named hands an attacker the whole machine rather than one
unprivileged account. The file INSTALL that comes with it describes the
changes you need to make, but roughly speaking they are:
- Add -u username -g groupname to the command that starts named in the
startup script (/etc/rc.d/init.d/named on RedHat). named still starts as
root so that it can bind port 53, then drops to that user and group.
- chown the /var/named directory and its subdirectories to the user and
group specified, so named can still read its zone files after dropping
privileges.
- chown any log files that named writes to (this is not normally needed,
since it normally logs via 'syslog').
- This will break the `ndc' program. You can still get it to do a reload
with "/usr/sbin/ndc -p /var/run/named.pid reload", but "ndc restart" will
cause the new server to run as root again; restart it through the startup
script instead.
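The steps above collected into one script, as an added example; this is not
code from the HOWTO or from the BIND distribution. The user and group
`named', the paths under /var and /usr/sbin, and the named/ndc command lines
are assumptions for a RedHat-style BIND 8 install and can be overridden
through the environment. The last two functions are the check you want
after all of this: read the pidfile and confirm the running named is no
longer root.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO or of the BIND distribution.
# Helpers for running BIND 8's named as an unprivileged user and verifying
# that it really dropped root. User/group names, paths and the named/ndc
# command lines are assumptions for a RedHat-style layout; override via env.

NAMED_USER="${NAMED_USER:-named}"
NAMED_GROUP="${NAMED_GROUP:-named}"
NAMED_DIR="${NAMED_DIR:-/var/named}"
NAMED_PIDFILE="${NAMED_PIDFILE:-/var/run/named.pid}"
NAMED_BIN="${NAMED_BIN:-/usr/sbin/named}"
NDC_BIN="${NDC_BIN:-/usr/sbin/ndc}"

# Give the zone directory to the unprivileged user/group so named can still
# read (and, for secondaries, write) its files after setuid().
prepare_named_dir() {
    chown -R "$NAMED_USER:$NAMED_GROUP" "$NAMED_DIR"
}

# What the init script should run: named binds port 53 as root and then
# drops to -u/-g. The pidfile it writes is where ndc will look for it.
named_start() {
    "$NAMED_BIN" -u "$NAMED_USER" -g "$NAMED_GROUP"
}

# Reload through ndc with an explicit pidfile. Use "reload", never
# "ndc restart": per the HOWTO, restart brings named back up as root.
named_reload() {
    "$NDC_BIN" -p "$NAMED_PIDFILE" reload
}

# Print the user name the process recorded in a pidfile is running as.
# Non-zero if the pidfile is missing or malformed or the process is gone.
named_running_as() {
    pidfile="${1:-$NAMED_PIDFILE}"
    pid=$(cat "$pidfile" 2>/dev/null) || return 1
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    if [ -r "/proc/$pid/status" ]; then
        # Linux: the real uid is the first number on the "Uid:" line.
        uid=$(awk '/^Uid:/ { print $2 }' "/proc/$pid/status")
        [ -n "$uid" ] || return 1
        name=$(id -un "$uid" 2>/dev/null) ||
            name=$(getent passwd "$uid" 2>/dev/null | cut -d: -f1)
        [ -n "$name" ] || name="$uid"
    else
        # Portable fallback: POSIX ps.
        name=$(ps -o user= -p "$pid" 2>/dev/null | sed 's/^ *//; s/ *$//')
        [ -n "$name" ] || return 1
    fi
    echo "$name"
}

# Verify named dropped privileges: 0 if it runs as the expected user,
# 1 otherwise (including when the process cannot be found at all).
check_named_user() {
    expected="${1:-$NAMED_USER}"
    pidfile="${2:-$NAMED_PIDFILE}"
    actual=$(named_running_as "$pidfile") || {
        echo "check_named_user: no live process for pidfile $pidfile" >&2
        return 1
    }
    if [ "$actual" = "$expected" ]; then
        echo "named (pidfile $pidfile) runs as $actual" >&2
        return 0
    fi
    echo "named (pidfile $pidfile) runs as $actual, expected $expected" >&2
    return 1
}

# Stand-alone usage: sh named-unpriv.sh {prepare|start|reload|check}
case "${1:-}" in
    prepare) prepare_named_dir ;;
    start)   named_start ;;
    reload)  named_reload ;;
    check)   check_named_user ;;
    "")      : ;;
    *)       echo "usage: $0 {prepare|start|reload|check}" >&2; exit 2 ;;
esac
```

Run "sh named-unpriv.sh check" after the startup script has started named;
it exits 0 only when the pid in /var/run/named.pid belongs to the named user,
so a startup script that silently lost the -u/-g switches (or an "ndc
restart") shows up as a failure rather than going unnoticed.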
Another possibility is to run named in a `chroot' environment so that it
cannot reach the rest of your filesystem. This really needs to be combined
with not running it as root, since a root process can break out of a
chroot. I'm not going to describe how to do that here.
You should be running at least BIND 8.2.2 patchlevel 3.
Stephen White
2001-01-16