From: Mike's List (mikelist@sky.net)
Date: Mon Jun 17 2002 - 13:48:30 EDT
ALL replied with, it's a good idea to create a user/group named and runs
BIND in a chroot environment --more secure in case BIND needs patching,
but you haven't got a chance to. Also, if/when BIND is compromise,
user/group named gives another layer of security to protect root's access.
So it's not just a matter of preference but good security practice.
Thanks to all that replied.
- Mike
On Fri, 14 Jun 2002, Mike's List wrote:
> I'm about to bring a DNS system online and wanted to get some feedback.
>
> -- Most Solaris system I've seen, named just runs/owns by root.
> -- Most Linux (ie. Redhat) I've seen, named runs/owns by named
> (user and group) --only /var/named and everything below owns
> by named (user and group).
>
> My question is, does it matter if named is own by root or named? I can see
> why Redhat/Linux is set so there's a user named and group named for another
> layer of security, but how big of a deal if named is run/own by root? or is
> this just "matter of preference"?
>
> Thanks.
>
>
> - Mike
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:28 EDT