On Tue, Oct 28, 2008 at 7:15 PM, Mark Andrews <[EMAIL PROTECTED]> wrote: > > In message <[EMAIL PROTECTED]>, Jeff Pang writes: >> Hello, >> >> I need to let apache start/stop named. >> I set: chmod +s named, so httpd (run with nobody) can stop/start it. >> Is it safe for this behavior? thanks. > > In general, no. Named is not designed to be run suid root. > A ordinary user can do all sorts of damage with named. > > I would suggest that you create a wrapper which then exec's > named with arguements that you deem safe. This wrapper can > be suid root.
*cough*sudo*cough* ;-) -Bryan
