On 02/01/2012 01:52, Phil Mayers wrote:
> There's no need for the keyfile to be writeable by bind (at the moment,
> at any rate). So root:bind and 0640 seem more appropriate to me.
This makes more sense to me as well. Assume for the moment that an
attacker gains access as user bind. I really don't want them to be able
to munge the key file.
--
It's always a long day; 86400 doesn't fit into a short.
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
