On Wed, 19 Jan 2005 nikolay.nenchev_at_rbb-sofia.raiffeisen.at wrote:

> Hi,
> have installed FreeBSD 5.3 with Bind integrated in it. named is running in
> chroot, with user bind, so every file in /etc/namedb is owned by
> bind:wheel, except rndc.key. (I have also rndc.conf with owner bind)

With the new structure for BIND in FreeBSD 5.3 and later, you don't need
rndc.conf, and in fact, you probably shouldn't have one unless you have a
super-compelling need. The rndc.key file is all you need for basic
operation, and the rc.d/named file will create it for you.

> and it is impossible to make rndc reload. If I change owner on
> rndc.key it is working, but is it a security issue for the user who is
> running named (bind) to have access to rndc.key?

Someone else already pointed out that it's necessary to have the rndc.key
file owned by the same user as named, and it's not really a security
threat.

> Another thing: if I make "sudo named stop/start" the owner of my master
> folder is changed to root:wheel (before bind:wheel)?

That's because the rc.d script runs mtree to make sure that the
permissions are correct on the files in /var/named. This is actually one
area where the security issues are relevant, in the sense that if an
attacker compromises the named user you don't want them to be able to
alter your master zone files.

Hope this helps,

Doug

-- 
This .signature sanitized for your protection

Received on Sun Jan 23 2005 - 00:43:30 UTC
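The ownership rules from the reply above (rndc.key owned by the named user and readable only by it; master zone files not writable by that user, which is what the rc.d/named mtree run restores) can be checked with a small audit script. This is an added example, not code from the thread or from FreeBSD; it assumes the chroot root and the named user name are passed as arguments, that rndc.key sits in etc/namedb inside the chroot, and that master zone files live in etc/namedb/master.

```shell
#!/bin/sh
# Added example (not from the original thread or from FreeBSD's rc.d/named):
# audit the ownership and permissions that the reply describes for BIND
# chrooted under /var/named.
# Assumptions: $1 is the chroot root, $2 is the user named runs as (e.g. "bind"),
# rndc.key lives in etc/namedb inside the chroot, master zone files in
# etc/namedb/master.

# rndc.key must be readable by named, so it must be owned by the named user.
key_wrong_owner() {
  find "$1" -type f -name rndc.key ! -user "$2" -print
}

# rndc.key is a shared secret: no group or world read/write bits (mode 0600).
key_too_open() {
  find "$1" -type f -name rndc.key \
       \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print
}

# Master zone files should not be writable by the named user, which is why the
# mtree run leaves them root:wheel. Flag files owned by that user or writable
# by group/other.
zones_writable_by_named() {
  find "$1" -type f \( -user "$2" -o -perm -020 -o -perm -002 \) -print
}

# Run all checks, print findings, return the number of failed checks (0 = clean).
audit_named_chroot() {
  root=$1; owner=$2; n=0
  out=$(key_wrong_owner "$root/etc/namedb" "$owner")
  if [ -n "$out" ]; then
    printf 'rndc.key not owned by %s:\n%s\n' "$owner" "$out"; n=$((n+1))
  fi
  out=$(key_too_open "$root/etc/namedb")
  if [ -n "$out" ]; then
    printf 'rndc.key readable/writable by others:\n%s\n' "$out"; n=$((n+1))
  fi
  out=$(zones_writable_by_named "$root/etc/namedb/master" "$owner")
  if [ -n "$out" ]; then
    printf 'master zone files writable by %s:\n%s\n' "$owner" "$out"; n=$((n+1))
  fi
  return $n
}

# Usage: sh audit_named.sh /var/named bind
if [ $# -eq 2 ]; then
  audit_named_chroot "$1" "$2"
fi
```

The exit status is the number of failed checks, so it can be wired into a cron job or a post-deploy hook that fails loudly when permissions drift.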