 
 
 
 
 
   
 Next: FTP
 Up: Specific Software
 Previous: Apache
 
Bind doesn't have a great security record, and worse it runs as root by
default on most systems (I think newer Redhat Distributions have fixed
this).  If you read the file INSTALL that comes with it the changes you
need to make are described, but roughly speaking they are:
 
- Add -u username -g groupname the the scripts that start bind (named).
	This is /etc/rc.d/init.d/named on RedHat.
- chown the /var/named directory and subdirectories to the user/group
	specified.
- chown the logfiles that named logs to (this is not normally needed
	since it normally logs via 'syslog'.
- This will break the `ndc' program, you can get it to do a reload with
	"/usr/sbin/ndc -p /var/run/named.pid reload", but "restart" will cause
	the new server to run as root again.
 
Another possibility is to run named in a `chroot' environment so that it
does not have access to your normal filesystem (this really needs to be
combined with not running it as root).  I'm not going to describe how to
do that here.
 
You should be running at least BIND 8.2.2 patchlevel 3
 
 
 
 
 
   
 Next: FTP
 Up: Specific Software
 Previous: Apache
Stephen White
2001-01-16