bind and fc6

David G. Miller dave at davenjudy.org
Sat Feb 3 05:35:15 UTC 2007


Tim <ignored_mailbox at yahoo.com.au> wrote:

> On Fri, 2007-02-02 at 14:51 +0000, Stuart Sears wrote:
>   
>> > True but AFAIK you need root privileges to do this and named drops
>> > these as soon as it is chrooted. 
>>     
>
> Why would BIND need root in the first place?  It only has to read its
> own files, it doesn't have to write any system ones.

In order to open the privileged ports used by a nameserver.

nameserver      42/tcp          name            # IEN 116
nameserver      42/udp          name            # IEN 116

Lots of services only need to be root in order to open their service 
port (e.g., httpd).  They then become a normal user and some, such as 
bind, switch to a chroot jail.

Cheers,
Dave

-- 
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
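
The sequence described in the message above (open the service port as root, enter a chroot jail, then become a normal user), as an added example that is not part of the original post and is not BIND's or httpd's own code. The function names, port 53, the jail path `/var/empty` and uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1 (needs root): bind a UDP socket to a port below 1024. */
int open_service_port(unsigned short port)
{
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0) { close(fd); return -1; }
    return fd;
}

/* Steps 2 and 3: enter the jail, then give up root for good.
 * Order matters: chroot() itself needs root, and the groups must be
 * changed before the uid, because after setuid() they no longer can be. */
int jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* not a drop */
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;  /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* root must be unrecoverable */
    return 0;
}

int main(void)
{
    /* Assumed values: port 53 (DNS), an empty jail directory, uid/gid 65534. */
    int fd = open_service_port(53);
    if (fd < 0) { perror("bind"); return 1; }
    if (jail_and_drop("/var/empty", 65534, 65534) != 0) { perror("jail_and_drop"); return 1; }
    printf("socket %d still open, now running as uid %d\n", fd, (int)getuid());
    close(fd);
    return 0;
}
```

The socket opened in step 1 stays usable after the drop, which is why root is needed only at startup.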



