dave, running BIND as a non-privileged user is a good idea, but putting it into a chroot jail _and_ running as a non-root user is much safer. i've recently created a chroot'd BIND and use it on a production server; it's not that difficult. if you want to do this, the chroot-BIND8 howto is your friend: http://www.linuxdoc.org/HOWTO/Chroot-BIND8-HOWTO.html
this document is really good, but some additional work needs to be done to get the thing work on debian. On Wed, 2002-01-30 at 17:14, Dave Kline wrote: > I have a number of Debian 2.2 systems that have some critical daemons > running as root. The most concerning offender is BIND8. BIND has been > tried and convicted, and by judging its turbulent past, I have no choice > but to demote it from its root status. I don't have dynamic interfaces > for it to play with so it clearly has no business being root. > > I have no experience demoting BIND, but I realize I must. Making a > chroot'ed environment isn't as large a concern for me as just dropping > root from the daemon. My question is can I perform this task in a > 'Debian' way? By that I mean can I follow a HOWTO aimed at Debian, so > Apt wont trample of my work during the next BIND update? Does anyone > have a methodology for BIND8 on Debian 2.2? > > Thanks much. > -A. Dave > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- __________________________________________ Gergely Trifonov mailto:[EMAIL PROTECTED] System Administrator, WSD IND - Interactive Net Design http://www.indweb.hu Széchenyi u. 70. H - 3530 Miskolc Hungary Phone: +36 46 505 106 Fax: +36 46 505 107 Mobile: +36 20 395 6476 !Please install IND CA Certification as TRUSTED CA! https://www.indweb.hu/IND.crt
