Date: 6 Sep 1999 14:27:48 +1000
From: "John Saunders" <john.saunders@nlc.net.au>
To: freebsd-questions@FreeBSD.org
Subject: Re: bind sandboxes?
Message-ID: <19990906042748.24879.qmail@nhj.nlc.net.au>
In-Reply-To: <Pine.BSF.4.05.9909031021180.85741-100000@maine.60north.net>

The provided information doesn't go into enough detail so you will
probably need to research the book to make things work right.

At the moment an "ndc reload" isn't able to properly create the
named.pid file. Last time I tried this there was some problem with
an ioctl() to list the interfaces, but this doesn't seem to happen
anymore.

But basically look at /etc/defaults/rc.conf for the named_flags that
specify the -u and -g options. And look at /etc/namedb/named.conf
for how to create the "s" directory and give it the correct
permissions.

In freebsd-questions you wrote:
> Additionally you'll want to set up your named.conf to point to a directory
> owned by user bind for logging, pid & configs... See O'Reilly & Assoc DNS &
> bind for a great explanation.
>
> On Fri, 3 Sep 1999, Anand Buddhdev wrote:
>
>> On Fri, Sep 03, 1999 at 10:38:43AM +0200, Dan Larsson wrote:
>>
>> A sandbox is a concept. A program running in a sandbox is running with
>> less privileges, instead of running as root. This aids in enhancing
>> security, because a compromise in that program does not leave the
>> machine vulnerable to root break-in. In your case, you'd be running bind
>> as user bind, instead of as root. You have to change the flags in
>> /etc/rc.conf to make named run with the -u and -g options. See the man
>> page for named for more info.
>>
>> > Does FreeBSD insinuate that I need a bucket and shovel with serious
>> > time spent in a sandbox before I configure bind? I'd like to have the sandbox
>> > theory regarding bind explained, please.
>> >
>> > Regards
>> > ----
>> > Dan Larsson ( mailto:dan@junglenote.com )

-- 
        +------------------------------------------------------------+
    .   | John Saunders  - mailto:john@nlc.net.au            (EMail) |
 ,--_|\ |                - http://www.nlc.net.au/              (WWW) |
/  Oz  \|                - 02-9489-4932 or 04-1822-3814      (Phone) |
\_,--\_/| NORTHLINK COMMUNICATIONS P/L - Supplying a professional,   |
      v | and above all friendly, internet connection service.       |
        +------------------------------------------------------------+

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
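
Added example, not part of the original message: a shell check of the named_flags setting the thread refers to, reporting whether named would be started with both the -u and -g options. The function names, exit codes and sample file contents are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report whether rc.conf-style files
# start named with the -u/-g privilege-dropping flags discussed above.

# Print the effective named_flags value. Files are read in the order given
# (defaults first, local overrides last); the last uncommented assignment
# wins, as it does when the files are sourced as shell.
named_flags_of() {
    cat "$@" 2>/dev/null |
        sed -n 's/^[[:space:]]*named_flags=//p' |
        tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

# Classify the flags (written as separate words, as in the thread).
# Returns 0 = sandboxed, 1 = still root, 2 = -u given without a usable -g.
named_sandbox_status() {
    flags=$(named_flags_of "$@")
    user='' group='' want=''
    for tok in $flags; do
        case $want in
            u) user=$tok; want=''; continue ;;
            g) group=$tok; want=''; continue ;;
        esac
        case $tok in
            -u) want=u ;;
            -g) want=g ;;
        esac
    done
    case $user in
        ''|root|0) echo "root: named_flags='$flags'"; return 1 ;;
    esac
    case $group in
        ''|wheel|0) echo "partial: user=$user group=${group:-unset}"; return 2 ;;
    esac
    echo "sandboxed: user=$user group=$group"
}

# Constructed sample files: a defaults file with the sandbox flags commented
# out, and a local override that enables them.
demo=$(mktemp -d)
printf '%s\n' 'named_flags=""  # Flags for named' \
    '#named_flags="-u bind -g bind"' > "$demo/defaults"
printf '%s\n' 'named_flags="-u bind -g bind"' > "$demo/local"
named_sandbox_status "$demo/defaults" || true
named_sandbox_status "$demo/defaults" "$demo/local" || true
rm -rf "$demo"
```

On a real system the arguments would be /etc/defaults/rc.conf followed by /etc/rc.conf.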