just for anyone who doesn't already know. ::Debian::
To make bind run not as root.
$addgroup named
$adduser --system --ingroup named named
$pico /etc/init.d/bind
Change these lines
start-stop-daemon --start --quiet --exec /usr/sbin/named
to:
start-stop-daemon --start --quiet --exec /usr/sbin/named -- -g named -u named
then:
$ /etc/init.d/bind stop
$ /etc/init.d/bind start
(restart doesn't work, as it doesn't read the lines we edited)
check the logs that it's running as named
notes on securing debian :
http://joker.rhwd.de/doc/Securing-Debian-HOWTO/Securing-Debian-HOWTO.html
praccus
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug