[ LUGOS ] Re: [ LUGOS ] Re: [ LUGOS ] Named problem
Rok Papez
rok.papez at email.si
Tue Mar 20 18:01:39 CET 2001
Hi!
On Tue, 20 Mar 2001, Borut Mrak wrote:
> If you run named as non-root, then you also have to add these
> entries to named.conf:
> controls {
> unix "/var/run/ndc" perm 0600 owner 1000 group 2000;
> };
>
> where 1000 is the uid under which you run named, and 2000 is the gid.
I dare to disagree.
A counterexample to your opinion can be found specifically in the package:
ftp://ftp.lugos.si/arhiv/lisa/lisa-bind-8.2.3-1.i386.rpm
(yes.. I am exaggerating a bit now ;->)
There uid=0 and gid=0, and the thing works quite nicely in
its chroot jail.
`man named.conf`, however, says somewhat ambiguously:
A unix control channel is a FIFO in the file system, and access to it is
controlled by normal file system permissions. It is created by named
with the specified file mode bits (see chmod(1)), user and group owner.
Note that, unlike chmod, the mode bits specified for perm will normally
have a leading 0 so the number is interpreted as octal. Also note that
the user and group ownership specified as owner and group must be given
as numbers, not names. It is recommended that the permissions be
restricted to administrative personnel only, or else any user on the system
might be able to manage the local name server.
--
best regards,
Rok Papez.
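
One way to check the point under discussion on a running system, as an added example that is not part of the original message or of BIND: the script reads the `unix` control channel declaration in the form quoted above and compares it with the file actually present on disk, optionally inside a chroot. The function names and the `chroot` parameter are hypothetical; the sample configuration is the one quoted in the message.

```python
import os
import re
import stat

# Constructed sample: the controls statement quoted in the message above.
SAMPLE_CONF = '''
controls {
    unix "/var/run/ndc" perm 0600 owner 1000 group 2000;
};
'''

# unix "<path>" perm <octal> owner <uid> group <gid>;
UNIX_CTL = re.compile(
    r'unix\s+"([^"]+)"\s+perm\s+([0-7]+)\s+owner\s+(\d+)\s+group\s+(\d+)\s*;')

def parse_controls(conf_text):
    """Return (path, mode, uid, gid) for every unix control channel declared."""
    return [(p, int(m, 8), int(u), int(g))
            for p, m, u, g in UNIX_CTL.findall(conf_text)]

def audit_channel(path, mode, uid, gid, chroot=""):
    """Compare the declared settings with the file on disk; return findings."""
    findings = []
    # The man page warns that otherwise any user could manage the name server.
    if mode & 0o007:
        findings.append("declared perm %04o grants access to other users" % mode)
    # Inside a chroot jail the configured path is relative to the jail root.
    real = os.path.join(chroot, path.lstrip("/")) if chroot else path
    try:
        st = os.lstat(real)
    except OSError as exc:
        return findings + ["cannot stat %s: %s" % (real, exc.strerror)]
    actual = stat.S_IMODE(st.st_mode)
    if actual != mode:
        findings.append("on-disk mode %04o differs from declared %04o"
                        % (actual, mode))
    if (st.st_uid, st.st_gid) != (uid, gid):
        findings.append("on-disk owner %d:%d differs from declared %d:%d"
                        % (st.st_uid, st.st_gid, uid, gid))
    return findings

if __name__ == "__main__":
    for chan in parse_controls(SAMPLE_CONF):
        for line in audit_channel(*chan) or ["ok"]:
            print(chan[0], "-", line)
```
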