
Re: BIND less restrictive modes and policy



On Tue, Jan 22, 2008 at 09:27:14AM +0100, Enrico Scholz wrote:
> Andrew Farris <lordmorgul gmail com> writes:
> 
> >> pz/ and the other parts of the chroot filesystem must be read-only
> >> for named.
> >
> > And why exactly is that?
> 
> To give only the required rights is a common and working practice for
> years to secure daemons.  Fedora should not forget classical ways
> (own uid, chroot environments, restrictive permissions) just to give
> something like "easier configuration" (where I can not see how mixing
> all and everything into a single dir can ease configuration).
> 

The main reason why I want /var/named writable is that named is
designed so that this directory is supposed to be writable, not easier
configuration. It really makes problems sometimes when it is not writable.
And adding some option to the initscript which will make that directory
writable is suspicious to me.

Adam

-- 
Adam Tkac, Red Hat, Inc.

