[ LUGOS ] Re: [ LUGOS ] Re: [ LUGOS ] Named problem

Rok Papez rok.papez na email.si
Tor Mar 20 18:01:39 CET 2001


Zivjo!

On Tue, 20 Mar 2001, Borut Mrak wrote:

> Ce poganjas named kot ne-root, potem moras v named.conf dodat se ta
> vnose: 
> controls {
>         unix "/var/run/ndc" perm 0600 owner 1000 group 2000;
> };
> 
> kjer je 1000 uid pod katerim laufas named, 2000 pa gid.

Upam si oporekati.

Protiprimer tvojemu mnenju se nahaja konkretno v paketu:
ftp://ftp.lugos.si/arhiv/lisa/lisa-bind-8.2.3-1.i386.rpm
(ja.. malce ze pretiravam ;->)

Kjer je uid=0 in gid=0 in zadeva prav lepo deluje v
svojem chroot zaporu.

`man named.conf` pa kar malce dovoumno pravi:
     A unix control channel is a FIFO in the file system, and access to it is
     controlled by normal file system permissions.  It is created by named
     with the specified file mode bits (see chmod(1)),  user and group owner.
     Note that, unlike chmod, the mode bits specified for perm will normally
     have a leading 0 so the number is interpreted as octal.  Also note that
     the user and group ownership specified as owner and group must be given
     as numbers, not names.  It is recommended that the permissions be re­
     stricted to administrative personnel only, or else any user on the system
     might be able to manage the local name server. 

-- 
best regards,
Rok Papez.




Dodatne informacije o seznamu Starilist