
Re: BIND less restrictive modes and policy



Andrew Farris <lordmorgul gmail com> writes:

>> pz/ and the other parts of the chroot filesystem must be read-only
>> for named.
>
> And why exactly is that?

Giving only the required rights has been a common and working practice
for years to secure daemons.  Fedora should not forget classical ways
(own uid, chroot environments, restrictive permissions) just to give
something like "easier configuration" (where I cannot see how mixing
all and everything into a single dir can ease configuration).



Enrico

