Re: BIND less restrictive modes and policy

Hello Adam,


On Mon, Jan 21, 2008 at 12:57:38PM +0100, Adam Tkac wrote:
> Hi all,
> 
> I'm going to do a major revision of bind's file modes. Currently we have
> many files readable only by root and I can't see any reason to keep
> binaries unreadable and unexecutable by other users. Also there isn't
> any reason to keep configuration private. Only these files should not
> be readable by other users:
> - /etc/rndc.key - who has it may control server through rndc utility
> - /var/log/named.log - will have sensitive information

ok

> 
> All others will be readable by all. Also the complete /var/named/* subtree
> will be writable by named (for generating core files, DDNS updates,
> secondary servers, generally for easier configuration).
> 
> Does anyone have arguments against such a change?


Would it be possible to keep write access within subdirs, so that
it e.g. is possible to keep master named files owned by root.root?
(Not sure this buys anything, but still looks good...)

regards,

Florian La Roche

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
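
The layout discussed in this message can be checked mechanically: the two private files must not be world-readable, and master files can stay owned by root while only subdirectories are writable by named. The script below is an added example, not part of the original thread. It assumes master files sit directly in /var/named; the function name `audit_bind_modes` and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: audit a BIND layout against the modes
# discussed above. Usage: audit_bind_modes ROOT [OWNER]
#   ROOT  - path prefix ("" for the live system, or a staged/chroot tree)
#   OWNER - expected owner of master files (default: root)
# Prints one finding per line and returns 1 if there is any finding.
# Assumption: master files sit directly in /var/named; subdirectories are
# the places named may write to, so they are not inspected.
audit_bind_modes() {
    root=$1
    owner=${2:-root}
    top="$root/var/named"

    # 1. The two files the proposal keeps private: no read bit for "other".
    private=$(
        for f in "$root/etc/rndc.key" "$root/var/log/named.log"; do
            if [ -e "$f" ]; then
                find "$f" -prune -perm -004 | sed 's/^/world-readable: /'
            fi
        done
    )

    # 2. The reply's variant: /var/named itself and the files directly in it
    #    belong to OWNER and carry no group or other write bit.
    masters=""
    if [ -d "$top" ]; then
        masters=$(
            {
                find "$top" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \)
                find "$top" -maxdepth 1 -type f \
                    \( ! -user "$owner" -o -perm -020 -o -perm -002 \)
            } | sed 's/^/master-not-owner-only: /'
        )
    fi

    out=$(printf '%s\n%s\n' "$private" "$masters" | sed '/^$/d')
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}
```

Run it with an empty ROOT against the live system, or point it at a package build root to check modes before installation.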
