> > If you run named as non-root, then you also have to add these entries
> > to named.conf:
> > controls {
> >         unix "/var/run/ndc" perm 0600 owner 1000 group 2000;
> > };
> >
> > where 1000 is the uid under which you run named, and 2000 the gid.
> I dare to disagree.


> A counterexample to your opinion can be found concretely in the package:
> ftp://ftp.lugos.si/arhiv/lisa/lisa-bind-8.2.3-1.i386.rpm
> (yes.. I'm exaggerating a bit already ;->)

A bit, yes.

> Where uid=0 and gid=0, and the thing works quite nicely in
> its chroot jail.

What exactly works/doesn't work? In my experience a non-chrooted bind running as
non-root (you start it with, say, named -u named -g named) needs the settings
as I wrote them for ndc to work (true, I forgot to write down WHY you need these

> `man named.conf`, on the other hand, says somewhat ambiguously:
>      A unix control channel is a FIFO in the file system, and access to it
> is controlled by normal file system permissions.  It is created by named
> with the specified file mode bits (see chmod(1)),  user and group owner.
> Note that, unlike chmod, the mode bits specified for perm will normally
> have a leading 0 so the number is interpreted as octal.  Also note that the
> user and group ownership specified as owner and group must be given as
> numbers, not names.  It is recommended that the permissions be restricted
> to administrative personnel only, or else any user on the system might be
> able to manage the local name server.

And how does what I did above differ from what it says here?
I don't see anything unambiguous here at all.
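The point both sides are circling is that the unix control channel is just a FIFO, so whoever can open it can drive ndc. The script below is an added example (not code from this thread, from the lisa package, or from BIND itself) that audits the `controls { unix ... }` line of a named.conf against the uid/gid that named is started with via `-u`/`-g`. It assumes the BIND 8 syntax quoted above (`unix "PATH" perm MODE owner UID group GID;`); the sample configs it writes are constructed for the run.

```shell
#!/bin/sh
# Added example, not from the thread or from BIND: check the BIND 8
# "controls { unix ... }" entry in a named.conf against the uid/gid
# named is started with (-u / -g). Assumes the syntax quoted above:
#   unix "PATH" perm MODE owner UID group GID;

# Print the token that follows keyword $2 on config line $1 (no ';').
field_after() {
    printf '%s\n' "$1" \
        | awk -v k="$2" '{ for (i = 1; i < NF; i++) if ($i == k) print $(i+1) }' \
        | tr -d ';'
}

# check_ndc_controls CONF_FILE EXPECTED_UID EXPECTED_GID
# Prints one verdict word: ok, missing, perm-not-octal, perm-too-open,
# owner-mismatch or group-mismatch. Returns 0 only for "ok".
check_ndc_controls() {
    conf=$1; want_uid=$2; want_gid=$3
    line=$(grep -E '^[[:space:]]*unix[[:space:]]+"[^"]+"' "$conf" | head -n 1)
    if [ -z "$line" ]; then echo missing; return 1; fi
    perm=$(field_after "$line" perm)
    owner=$(field_after "$line" owner)
    group=$(field_after "$line" group)
    # The man page wants a leading 0 so the mode is read as octal;
    # "perm 600" would be decimal 600, which is not what anyone intends.
    case "$perm" in
        0[0-7][0-7][0-7]) ;;
        *) echo perm-not-octal; return 1 ;;
    esac
    # Group/other bits must be zero: any local user who can open the FIFO
    # can manage the name server through ndc.
    case "$perm" in
        0[0-7]00) ;;
        *) echo perm-too-open; return 1 ;;
    esac
    # named creates the FIFO with these numeric owner/group values; they
    # must match the uid/gid named actually runs as after -u/-g.
    [ "$owner" = "$want_uid" ] || { echo owner-mismatch; return 1; }
    [ "$group" = "$want_gid" ] || { echo group-mismatch; return 1; }
    echo ok
}

# Constructed sample configs so the script runs stand-alone.
tmp=$(mktemp -d)
cat > "$tmp/good.conf" <<'EOF'
controls {
        unix "/var/run/ndc" perm 0600 owner 1000 group 2000;
};
EOF
cat > "$tmp/open.conf" <<'EOF'
controls {
        unix "/var/run/ndc" perm 0666 owner 1000 group 2000;
};
EOF
check_ndc_controls "$tmp/good.conf" 1000 2000 || true   # ok
check_ndc_controls "$tmp/open.conf" 1000 2000 || true   # perm-too-open
check_ndc_controls "$tmp/good.conf" 0 0 || true         # owner-mismatch
rm -rf "$tmp"
```

Run it against the real file with the uid and gid you pass to named (`check_ndc_controls /etc/named.conf 1000 2000`); a verdict other than `ok` is exactly the situation the man page's "any user on the system might be able to manage the local name server" warns about.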
