[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: BIND less restrictive modes and policy



Hello Adam,


On Mon, Jan 21, 2008 at 12:57:38PM +0100, Adam Tkac wrote:
> Hi all,
> 
> I'm going to do major revision of bind's file modes. Currenly We have
> many files readable only by root and I can't see any reason why keep
> binaries unreadable and unexecutable by other users. Also there isn't
> any reason why keep configuration private. Only this files should not
> be readable by other users:
> - /etc/rndc.key - who has it may control server through rndc utility
> - /var/log/named.log - will have sensitive information

ok

> 
> All other will be readable for all. Also complete /var/named/* subtree
> will be writable by named (for generating core files, DDNS updates,
> secondary servers, generally for easier configuration).
> 
> Has anyone arguments against such change?


Would it be possible to keep write access within subdirs, so that
it e.g. is possible to keep master named files owned by root.root?
(Not sure this buys anything, but still looks good...)

regards,

Florian La Roche


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]