Brian Mathis wrote: > On Thu, Jan 21, 2010 at 8:20 AM, Kai Schaetzl <maillists@xxxxxxxxxxxxx> wrote: > >> Kai Schaetzl wrote on Thu, 21 Jan 2010 13:00:48 +0100: >> >> >>> I wonder now if the owner of >>> that directory should actually be named? >>> >> Hm, after looking on other machines that have named installed but not in >> use it's excactly the same there. So, if named wants write permission >> there, but the rpm always removes that permission - isn't the rpm wrong >> then? Should I report this as a bug? >> >> Kai >> > > I don't think you'd want a compromised named to be able to make > changes to your authoritative DNS records, which is what could happen > if you have permissions set that way. > 1) The directory he was referring to does not contain the zone files. 2) The directory that does contain the zone files appears to be owned by named with write permissions by default. 3) All of my master zone files are owned by root with 644 permissions, so regardless of the directory permissions, named can't mess with them. 4) The secondary server's zone files have to be writable by named so they can update from the master. I don't see a problem here. -- Bowie _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos