a few notes about permissions

Farkas Levente lfarkas at bppiac.hu
Mon Dec 11 12:03:22 UTC 2006


Måns Nilsson wrote:
>> on the other hand
>> - nsdc, nsd-patch and nsd-xfer should have to run as the configured user
>> (nsd by default) so the generated db, zone and transfer files owned by
>> nsd. in this case file permission would be consistent. now eg. ixfr.db
>> owned by nsd while nsd.db owned by root. master zone files owned by nsd
>> slaves owned by root (nsd-patch generated, yes i know cron can be run as
>> a given user, but). if you assume you can write a perfect code nsd can
>> run as root, if try to be safe run all tools as nsd.
> 
> Setuid shell scripts are generally complicated. Running the binaries inside
> a shell script with "su" and the main script as root is doable. 

nsdc shell script can run as root, but zonec, nsd-patch, nsd-xfer etc.
can change euid to nsd and it'd be enough.

-- 
  Levente                               "Si vis pacem para bellum!"
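
The privilege drop discussed in this thread for zonec, nsd-patch and nsd-xfer, written as a permanent switch to the configured user with a check that root cannot be regained. This is an added example, not code from the original post or from the NSD source; the function name drop_to_user is hypothetical and "nsd" is used as the default user because the thread names it.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently become `user` (hypothetical helper, not NSD code).
 * Returns 0 on success, -1 on any failure. uid 0 is refused as a
 * target because switching to it would not drop anything. */
int drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;
    uid_t uid = pw->pw_uid;   /* copy out: pw points at static storage */
    gid_t gid = pw->pw_gid;

    if (geteuid() != 0)       /* not root: fine only if already the target */
        return (getuid() == uid && geteuid() == uid) ? 0 : -1;

    /* Order matters: supplementary groups and gid must change while the
     * process still has the privilege to change them, uid goes last. */
    if (initgroups(user, gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;   /* sets real, effective and saved uid */

    /* A drop that can be undone is not a drop: both calls must fail now. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nsd";   /* default from the thread */
    if (drop_to_user(user) != 0) {
        fprintf(stderr, "cannot drop privileges to %s\n", user);
        return 1;
    }
    /* Files created from here on (db, zone, transfer files) belong to `user`. */
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```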
