Re: To the bind maintainer
At 12:19 PM 1/21/00 +0100, Marek Habersack wrote:
>* Onno Ebbinge said:
>> Please change your /etc/init.d script to run named
>> with another user and group id than root.
>>
>> Named (bind) doesn't need to run under root and
>> should NOT run under root for obvious reasons.
>>
>> Please run named with the -u and -g options.
>>
>> Example: root# named -u deamon -g deamon
>Why don't you just do it yourself? And before posting such mails, please
I did do it myself!
>read what's written in the package's README.Debian
>(/usr/share/doc/bind/README.Debian)
You are right ofcourse, I now did and I do NOT agree!
It should be easy, like in other packages, to make a
post install script that tells you about the problems
running named non-root and let YOU choose if you want
to run named root or non-root! With a little effort
you can get more security.
Regards,
Onno
Reply to: