On Thu, Aug 05, 2004, Alexander Belck wrote:
> 1st) Is OpenPKG ver of bind chroot enabled (-t chrootdir) ?
No, not out of the box. If you really want this you have to establish your
own chroot(2) environment under /foo for BIND and use bind_flags="... -t
/foo ..." in rc.conf.
> 2nd) opkg_bind uses opkg[-r] user.
> Does I gain more security using an distinct user and chrooting opkg_bind ?
Well, theoretically yes, practically no IMHO. This everyone has to
decide on his own. Security is always a compromise between not doing
anything and allowing everything. I personally think OpenPKG's default
of using the dedicated restricted user is reasonably secure here.
> 3rd) What does option with_dlz enables ?
It's for serving both zone and meta informations directly out
of a RDBMs like MySQL or PostgreSQL.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
The OpenPKG Project www.openpkg.org
User Communication List [EMAIL PROTECTED]
