Changes to named
Alexandre Oliva
aoliva at redhat.com
Thu Nov 6 15:18:29 UTC 2003
On Nov 6, 2003, "Neal D. Becker" <nbecker at hns.com> wrote:
> On Wednesday 05 November 2003 09:20 pm, Alexandre Oliva wrote:
>> On Nov 5, 2003, "Neal D. Becker" <nbecker at hns.com> wrote:
>> > I see in release notes that the permissions/ownerships of named files
>> > have changed. Is it OK to install (clean), then restore my
>> > backed-up /var/lib/named and /etc/named.conf, or will I have to change
>> > ownerships/permissions?
>>
>> Err... Release Notes anyone?
>>
>> o The BIND nameserver has had its security tightened. The /var/named/
>> directory is no longer owned by "named", but rather by "root". Slave
>> zone files should now be stored in the new /var/named/slaves/
>> directory, which is owned by "named". In addition, a new bind-chroot
>> package makes it possible to run the named daemon in a chroot()
>> "jail" (located in /var/named/chroot/) for greater security.
> Thanks, but I already read the release notes. My question is, if I simply
> restore my old named setup, overwriting the new permissions/ownerships with
> the old ones, will named break?

If you don't change ownership and you do have slave zones in the
now-root-owned directory, it will break. If you do change ownership,
you revert the security improvements.

It would be best to tweak named.conf to use the sub-directory, and
get your config files into the chroot (otherwise you have to edit
/etc/sysconfig/named to remove ROOTDIR).

--
Alexandre Oliva Enjoy Guarana', see http://www.ic.unicamp.br/~oliva/
Red Hat GCC Developer aoliva@{redhat.com, gcc.gnu.org}
CS PhD student at IC-Unicamp oliva@{lsd.ic.unicamp.br, gnu.org}
Free Software Evangelist Professional serial bug killer
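
A read-only check for the situation described in this message, added here as an example and not part of the original post: it lists the slave zones in a named.conf whose zone file is not under slaves/, which are the ones that stop working once /var/named is owned by root. The function names and the sample configuration are constructed; the check assumes one statement per line and zone file paths relative to /var/named.

```shell
#!/bin/sh
# Added example. On a real system: slave_zones_needing_move < /etc/named.conf

# Print "zone<TAB>file" for each slave zone whose file is outside slaves/.
slave_zones_needing_move() {
    awk '
    function report() {
        # A slave zone with no file statement writes nothing to disk, so skip it.
        if (zone != "" && is_slave && file != "" && file !~ /(^|\/)slaves\//)
            printf "%s\t%s\n", zone, file
        zone = ""; is_slave = 0; file = ""
    }
    function quoted(s) {   # text between the first pair of double quotes
        sub(/^[^"]*"/, "", s); sub(/".*$/, "", s); return s
    }
    { sub(/(\/\/|#).*$/, "") }                 # drop // and # comments
    /^[ \t]*zone[ \t]+"/            { report(); zone = quoted($0) }
    /^[ \t]*type[ \t]+slave[ \t]*;/ { is_slave = 1 }
    /^[ \t]*file[ \t]+"/            { file = quoted($0) }
    END { report() }
    '
}

# Constructed sample configuration (not taken from any real server).
sample_named_conf() {
    cat <<'EOF'
options {
    directory "/var/named";
};
zone "example.com" IN {
    type master;
    file "example.com.zone";
};
zone "example.org" IN {
    type slave;
    file "example.org.zone";   // named must write this file itself
    masters { 192.0.2.1; };
};
zone "example.net" IN {
    type slave;
    file "slaves/example.net.zone";
    masters { 192.0.2.1; };
};
EOF
}

sample_named_conf | slave_zones_needing_move
```

Each zone it prints needs its file statement changed to a path under slaves/ rather than a change of ownership on /var/named.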