
Re: Changes to named



On Nov  6, 2003, "Neal D. Becker" <nbecker hns com> wrote:

> On Wednesday 05 November 2003 09:20 pm, Alexandre Oliva wrote:
>> On Nov  5, 2003, "Neal D. Becker" <nbecker hns com> wrote:
>> > I see in release notes that the permissions/ownerships of named files
>> > have changed.  Is it OK to install (clean), then restore my
>> > backed-up /var/lib/named and /etc/named.conf, or will I have to change
>> > ownerships/permissions?
>> 
>> Err...  Release Notes anyone?
>> 
>> o The BIND nameserver has had its security tightened. The /var/named/
>> directory is no longer owned by "named", but rather by "root". Slave
>> zone files should now be stored in the new /var/named/slaves/
>> directory, which is owned by "named". In addition, a new bind-chroot
>> package makes it possible to run the named daemon in a chroot()
>> "jail" (located in /var/named/chroot/) for greater security.

> Thanks, but I already read the release notes.  My question is, if I simply 
> restore my old named setup, overwriting the new permissions/ownerships with 
> the old ones, will named break?

If you don't change ownership and you do have slave zones in the
now-root-owned directory, it will break.  If you do change ownership,
you revert the security improvements.

It would be best to tweak named.conf to use the sub-directory, and
get your config files into the chroot (otherwise you have to edit
/etc/sysconfig/named to remove ROOTDIR).

-- 
Alexandre Oliva   Enjoy Guarana', see http://www.ic.unicamp.br/~oliva/
Red Hat GCC Developer                 aoliva {redhat com, gcc.gnu.org}
CS PhD student at IC-Unicamp        oliva {lsd ic unicamp br, gnu.org}
Free Software Evangelist                Professional serial bug killer
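
The check implied by the reply above, as an added example that is not part of the original message or of the bind packages: a shell function that lists slave zones in a named.conf whose `file` statement still points outside `slaves/`. It assumes relative zone file paths resolve against /var/named (or the same tree under /var/named/chroot/); the function names, sample config and zone names are constructed.

```sh
#!/bin/sh
# Added example: report slave zones whose zone file is not under slaves/.
# Assumption: relative paths resolve against /var/named, which is now
# root-owned, so named cannot write transferred zone data there.

audit_slave_zones() {
    # Reads named.conf text from the given files, or stdin if none.
    awk '
    function emit(   base) {
        if (zone != "" && slave && file != "" &&
            file !~ /^(\/var\/named\/)?slaves\//) {
            base = file; sub(/.*\//, "", base)
            printf "%s: %s -> slaves/%s\n", zone, file, base
        }
        zone = ""; slave = 0; file = ""
    }
    /^[ \t]*(#|\/\/)/ { next }                     # skip comment lines
    /^[ \t]*zone[ \t]+"/ { emit(); split($0, q, "\""); zone = q[2] }
    /type[ \t]+slave[ \t]*;/ { slave = 1 }
    zone != "" && file == "" && match($0, /file[ \t]+"[^"]*"/) {
        file = substr($0, RSTART, RLENGTH)
        sub(/^file[ \t]+"/, "", file); sub(/"$/, "", file)
    }
    END { emit() }
    ' "$@"
}

# Constructed sample of a restored pre-upgrade named.conf.
sample_conf() {
cat <<'EOF'
options { directory "/var/named"; };
zone "example.com" IN {
    type master;
    file "example.com.zone";
};
zone "example.net" IN {
    type slave;
    file "example.net.zone";
    masters { 192.0.2.1; };
};
zone "example.org" IN {
    type slave;
    file "slaves/example.org.zone";
    masters { 192.0.2.1; };
};
EOF
}

sample_conf | audit_slave_zones
```

Run against the restored /etc/named.conf, each reported zone is one whose `file` statement needs the suggested path, with the existing zone file moved into /var/named/slaves/.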



