On 12/04/12 16:44, Mihai Moldovan wrote:

> Hmm, permission denied while binding to ppp0? Maybe that's because my named is
> running as the non-privileged system user "named" and binding to the privileged
> port 53? Makes sense... but... hm. I guess in this case there's no other way but
> running named as root?

I vaguely seem to recall this has come up on the list before.

However, at our site:

 1. Bind runs as user "named"
 2. "rndc reconfig" works with a new IP, e.g.

# rndc reconfig
# lsof -n -i :53 | fgrep 192.168.
# ip addr add 192.168.230.230/32 dev lo
# rndc reconfig
# lsof -n -i :53 | fgrep 192.168.
named 17052 named 32u IPv4 1395639422 TCP 192.168.230.230:domain (LISTEN)
named   17052 named  531u  IPv4 1395639421       UDP 192.168.230.230:domain

This is on RHEL5, with SELinux enabled.

So, it's definitely possible to do this as non-root. As above, I'm sure this has been discussed, but I can't remember what we decided the mechanism that allowed this was.
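
An added example, not part of the original message: on Linux, a named started as root with -u keeps the CAP_NET_BIND_SERVICE capability after switching user, which is what allows it to bind new port-53 sockets later. The script below decodes the effective capability mask from a /proc/<pid>/status file to show whether a non-root process holds that capability. The function names and the sample status contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from /proc/<pid>/status whether a process may bind
# to privileged ports (<1024), and whether it does so as root or via a capability.

CAP_NET_BIND_SERVICE_BIT=10   # bit number from linux/capability.h

# status_field FILE NAME -> print the first value of "NAME:" in a status file
status_field() {
    awk -v f="$2:" '$1 == f { print $2; exit }' "$1"
}

# has_cap HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# bind_verdict FILE -> print root-with-cap | nonroot-with-cap | no-cap
bind_verdict() {
    # "Uid:" carries real, effective, saved and fs uid; field 3 is the effective uid
    euid=$(awk '$1 == "Uid:" { print $3; exit }' "$1")
    capeff=$(status_field "$1" CapEff)
    if ! has_cap "$capeff" "$CAP_NET_BIND_SERVICE_BIT"; then
        echo no-cap
    elif [ "$euid" = "0" ]; then
        echo root-with-cap
    else
        echo nonroot-with-cap
    fi
}

# write_sample_status FILE -> constructed sample: uid 25, mask with bits 10 and 24
# (CAP_NET_BIND_SERVICE and CAP_SYS_RESOURCE) set
write_sample_status() {
    printf 'Name:\tnamed\nUid:\t25\t25\t25\t25\nCapEff:\t0000000001000400\n' > "$1"
}

# Demo on the constructed sample
sample=$(mktemp)
write_sample_status "$sample"
echo "sample named process: $(bind_verdict "$sample")"
rm -f "$sample"
```

On a live system the same check is bind_verdict /proc/PID/status, with PID being the named process ID shown by lsof above.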