* On 12.04.2012 09:11 PM, Mark Pettit wrote:
> If you run BIND with "-u" so it changes to an unprivileged user, then BIND 
> may not be able to bind() to new interfaces created on your system.
>
> [...]
>
> What OS are you using, and what's the command-line you use to launch BIND?

I'm using Linux 3.0.2 w/ bind 9.9.0, so all this should work fine, quoting the
man page:

-u user
    Setuid to user after completing privileged operations, such as
    creating sockets that listen on privileged ports.

    Note: On Linux, named uses the kernel's capability mechanism to drop
    all root privileges except the ability to bind(2) to a privileged port
    and set process resource limits. Unfortunately, this means that the -u
    option only works when named is run on kernel 2.2.18 or later, or
    kernel 2.3.99-pre3 or later, since previous kernels did not allow
    privileges to be retained after setuid(2).

Seems fine... but: I found out my bind was built with --disable-linux-caps and
--disable-threads... enabling the first option sounds promising (second one is
just for my own pleasure.)

Rebuilding... I'll report back once I know whether this fixes my problem. :)
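
An added example, not part of the original message or of BIND: a small checker that reads the effective capability mask from /proc/<pid>/status and compares it with the two capabilities the quoted man page says named keeps after -u (bind to privileged ports, set resource limits). The sample status texts are constructed, and the expectation that a process without retained capabilities shows an all-zero CapEff is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. */
#define CAP_NET_BIND_SERVICE 10
#define CAP_SYS_RESOURCE     24
#define EXPECTED ((1ULL << CAP_NET_BIND_SERVICE) | (1ULL << CAP_SYS_RESOURCE))
enum { CAPS_UNREADABLE = -1, CAPS_NO_BIND, CAPS_AS_DOCUMENTED, CAPS_OTHER };

/* Constructed /proc/<pid>/status excerpts, not captured from a real system. */
static const char SAMPLE_WITH_CAPS[] =
    "Name:\tnamed\nUid:\t25\t25\t25\t25\nCapEff:\t0000000001000400\n";
static const char SAMPLE_NO_CAPS[] =
    "Name:\tnamed\nUid:\t25\t25\t25\t25\nCapEff:\t0000000000000000\n";

/* Parse "<field>:\t<hex>" at the start of a line; 0 on success, -1 otherwise. */
static int cap_field(const char *status, const char *field, unsigned long long *mask)
{
    size_t n = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            char *end;
            *mask = strtoull(p + n + 1, &end, 16);
            return end == p + n + 1 ? -1 : 0;   /* no hex digits found */
        }
        p = strchr(p, '\n');                    /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* Classify the effective set against the man page's description of -u. */
int check_named_caps(const char *status)
{
    unsigned long long eff;
    if (cap_field(status, "CapEff", &eff) != 0) return CAPS_UNREADABLE;
    if (!(eff & (1ULL << CAP_NET_BIND_SERVICE))) return CAPS_NO_BIND;
    return eff == EXPECTED ? CAPS_AS_DOCUMENTED : CAPS_OTHER;
}

int main(int argc, char **argv)
{
    static char buf[8192];
    FILE *f = argc > 1 ? fopen(argv[1], "r") : NULL;  /* e.g. /proc/<pid>/status */
    if (f) { buf[fread(buf, 1, sizeof buf - 1, f)] = '\0'; fclose(f); }
    printf("verdict: %d\n", check_named_caps(f ? buf : SAMPLE_WITH_CAPS));
    printf("sample without caps: %d\n", check_named_caps(SAMPLE_NO_CAPS));
    return 0;
}
```

A CAPS_NO_BIND verdict on a named started with -u means it cannot bind(2) port 53 on interfaces that appear after startup; CAPS_OTHER means it holds more or less than the documented pair and is worth a closer look.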

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
