Re: Bind data directory borked on update from 5.3 to 5.4




Brian Mathis wrote:
> On Thu, Jan 21, 2010 at 8:20 AM, Kai Schaetzl <maillists@xxxxxxxxxxxxx> wrote:
>   
>> Kai Schaetzl wrote on Thu, 21 Jan 2010 13:00:48 +0100:
>>
>>     
>>> I wonder now if the owner of
>>> that directory should actually be named?
>>>       
>> Hm, after looking on other machines that have named installed but not in
>> use it's exactly the same there. So, if named wants write permission
>> there, but the rpm always removes that permission - isn't the rpm wrong
>> then? Should I report this as a bug?
>>
>> Kai
>>     
>
> I don't think you'd want a compromised named to be able to make
> changes to your authoritative DNS records, which is what could happen
> if you have permissions set that way.
>   

1) The directory he was referring to does not contain the zone files.
2) The directory that does contain the zone files appears to be owned by
named with write permissions by default.
3) All of my master zone files are owned by root with 644 permissions,
so regardless of the directory permissions, named can't mess with them.
4) The secondary server's zone files have to be writable by named so
they can update from the master.

I don't see a problem here.

-- 
Bowie
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
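
An added example, not part of the original message: a small audit of the permissions discussed in this thread. For a given account it reports which files in a zone directory the account can write directly and which it could replace through write permission on the directory itself. The function names, file names and stand-in uid are assumptions, and only classic mode bits are checked.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Classic Unix mode-bit check; ACLs, SELinux and capabilities are ignored."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_zone_dir(path, uid, gids):
    """Map each regular file in path to what the account uid/gids can do to it."""
    dst = os.stat(path)
    dir_writable = can_write(dst, uid, gids)
    sticky = bool(dst.st_mode & stat.S_ISVTX)
    report = {}
    for name in sorted(os.listdir(path)):
        fst = os.lstat(os.path.join(path, name))
        if not stat.S_ISREG(fst.st_mode):
            continue
        findings = []
        if can_write(fst, uid, gids):
            findings.append("content-writable")
        # Directory write permission allows renaming or unlinking entries, unless
        # the sticky bit is set and the account owns neither file nor directory.
        if dir_writable and (not sticky or uid in (fst.st_uid, dst.st_uid)):
            findings.append("replaceable-via-directory")
        report[name] = findings
    return report

def demo():
    """Constructed layout, audited under directory modes 0755, 0777 and 1777."""
    daemon_uid = os.getuid() + 1000   # hypothetical stand-in for the named account
    results = []
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("master.zone", 0o644), ("slave.zone", 0o666)):
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
        for dir_mode in (0o755, 0o777, 0o1777):
            os.chmod(d, dir_mode)
            results.append(audit_zone_dir(d, daemon_uid, set()))
    return results

if __name__ == "__main__":
    print(dict(zip(("0755", "0777", "1777"), demo())))
```

On a real server, call `audit_zone_dir` with the zone directory and the uid and group ids of the account named runs as.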
