On Mon, Jan 21, 2008 at 04:13:14AM -0800, Andrew Farris wrote:
> Adam Tkac wrote:
>> Hi all,
>>
>> I'm going to do a major revision of bind's file modes. Currently we have
>> many files readable only by root and I can't see any reason to keep
>> binaries unreadable and unexecutable by other users. Also there isn't
>> any reason to keep configuration private. Only these files should not
>> be readable by other users:
>> - /etc/rndc.key - who has it may control server through rndc utility
>> - /var/log/named.log - will have sensitive information
>>
>> All others will be readable by all. Also the complete /var/named/* subtree
>> will be writable by named (for generating core files, DDNS updates,
>> secondary servers, generally for easier configuration).
>>
>> Has anyone arguments against such a change?
>>
>> Regards, Adam
>
> Just a comment, that probably needs to accompany selinux policy adjustments
> (or rather, without change in policy other users won't have access even
> with mode changes)?
>

Definitely. SELinux policy will be changed appropriately.

Adam

--
Adam Tkac, Red Hat, Inc.
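A mode audit for the rule stated in the thread, as an added example that is not part of the original messages or of the bind package: it reports whether /etc/rndc.key or /var/log/named.log grant any permission to "other", and whether anything under /var/named is world-writable. The function names, the optional root-prefix argument and the world-writable check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread or the bind package).
# Usage: audit_bind_modes            # audit the live system
#        audit_bind_modes /staging   # audit a tree rooted at /staging

# Report whether "other" has any read/write/execute bit on file $1.
# Returns 1 if exposed, 0 if private or absent.
check_private() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "ABSENT  $f"
        return 0
    fi
    # -L evaluates the target when the path is a symlink; -prune keeps
    # find from descending if the path is a directory.
    if [ -n "$(find -L "$f" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "EXPOSED $f"
        return 1
    fi
    echo "OK      $f"
}

# Audit the two files the proposal keeps private, then the /var/named
# subtree, which is meant to be writable by named, not by everyone.
audit_bind_modes() {
    root=${1:-}
    rc=0
    for rel in /etc/rndc.key /var/log/named.log; do
        check_private "$root$rel" || rc=1
    done
    if [ -d "$root/var/named" ]; then
        # Assumption of this example: world-writable entries are a finding.
        ww=$(find "$root/var/named" ! -type l -perm -002)
        if [ -n "$ww" ]; then
            echo "WORLD-WRITABLE under $root/var/named:"
            echo "$ww"
            rc=1
        fi
    fi
    return $rc
}
```

The checks look only at mode bits, so SELinux policy, which the reply notes also governs access, has to be reviewed separately.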