Date:      Sun, 25 Feb 2001 23:59:17 +0100
From:      Roelof Osinga <roelof@eboa.com>
To:        opentrax@email.com
Cc:        csxbcs@comp.leeds.ac.uk, dima@unixfreak.org, freebsd-doc@FreeBSD.ORG
Subject:   Re: docs/24364: Do too! && How To?
Message-ID:  <3A998E45.C7BF4628@eboa.com>
References:  <200101171646.IAA03876@spammie.svbug.com>

opentrax@email.com wrote:
> 
> > ...
> > Hmm, would this make it any clearer, do you think?
> >
> >  ...
> >  #named_flags="-u bind -g bind" # Flags for named, if running in a sandbox.
> >
> > If not, please suggest something which would. :-)
> >
> Maybe,
> 
> #named_flags="-u bind -g bind" # Flags for named, part of a sandbox.
> 
> This way we suggest it is one component, not that it creates
> a sandbox.

First off, if I remember correctly then in my case the rc.conf
was not pre-filled like this. I don't know why, probably because
I took the easy route. Meaning either by install or later by
way of /stand/sysinstall. It's only when a box is halfway there
that I whip out vi or whatever. My guess would be that by that
time those texts will be long gone.

So my preference would be to include that snippet into the named
manpage. Or if there's space into /stand/sysinstall as well. I've
just now actually glanced at security(7) and that actually does
not say *how* the sandbox needs to be built. It refers to the
rc.conf example. Now if those indeed can be overwritten...

Another thing that deserves mentioning is the inclusion of something
like "pid-file "s/named.pid";" like so:

  options {
        directory "/etc/namedb";
        dump-file "s/named_dump.db";
        pid-file "s/named.pid";
  };

Else you get all those people wondering about them error notices
as well as how to get rid of them.

Which brings me to another thing, namely the lack of a howto. All one
can find by searching is

nisse:~$ whereis howto
howto: /usr/ports/print/freetype/work/freetype-1.3.1/howto

and then only if that's installed <g>. So I was thinking that maybe
it wouldn't be such a bad idea to both have a manpage called howto(?)
as well as a script called howto that displays that manpage.

This manpage could then just give some common tips as in a FAQ but
more in the sense of pointers. Like howto run bind in a sandbox, well
rtfm(?). Wondering about security, see security(7). So both a more
verbal and organized apropos as well as a bit of FAQ. Something for
people who see all these trees but can't find the forest.

And it's a well known name that happens to be unused. (bash already
has help covered, guess that's too common :).

Anyway, just some musings on my part.

Roelof

PS my rc.conf preference would be:

#named_flags="-u bind -g bind" # Flags to sandbox named, see named(8)

PPS I am of course also the Top Nisse at nisser.com ;)
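
The pid-file and dump-file point from the message above, as an added example that is not part of the original e-mail: a shell check that the files named writes after switching to the sandbox user sit in a directory that user owns. The function names are hypothetical, directory ownership is used as a simple proxy for writability, and the sample config is constructed in a temporary directory.

```sh
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Print the value of a quoted option (e.g. pid-file) from a named.conf.
conf_opt() {  # conf_opt <option> <file>
    sed -n "s/^[[:space:]]*$1[[:space:]]\{1,\}\"\([^\"]*\)\";.*/\1/p" "$2" | head -n 1
}

# Resolve pid-file and dump-file against "directory", one path per line.
named_write_paths() {  # named_write_paths <file>
    dir=$(conf_opt directory "$1")
    for opt in pid-file dump-file; do
        p=$(conf_opt "$opt" "$1")
        [ -n "$p" ] || continue          # option not set in this file
        case $p in
            /*) printf '%s\n' "$p" ;;        # absolute path, keep as is
            *)  printf '%s\n' "$dir/$p" ;;   # relative to "directory"
        esac
    done
}

# Succeed only if every target directory is owned by the given numeric uid.
# Assumption: paths contain no whitespace.
check_sandbox_dirs() {  # check_sandbox_dirs <file> <uid>
    rc=0
    for path in $(named_write_paths "$1"); do
        parent=$(dirname "$path")
        owner=$(ls -ldn "$parent" 2>/dev/null | awk '{print $3}')
        if [ "$owner" != "$2" ]; then
            echo "uid $2 does not own $parent (owner: ${owner:-missing}); named cannot create $path" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the options block from the message, rooted in a temp dir
# and checked against the current uid so it runs without a bind account.
demo=$(mktemp -d) && mkdir "$demo/s"
printf 'options {\n  directory "%s";\n  dump-file "s/named_dump.db";\n  pid-file "s/named.pid";\n};\n' \
    "$demo" > "$demo/named.conf"
check_sandbox_dirs "$demo/named.conf" "$(id -u)" && echo "sandbox paths OK"
rm -rf "$demo"
```

On a real host the call would take the system's named.conf and the output of `id -u bind`.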
