On Mon, Jan 21, 2008 at 02:19:02PM +0100, Florian La Roche wrote:
> > All others will be readable by all. Also, the complete /var/named/* subtree
> > will be writable by named (for generating core files, DDNS updates,
> > secondary servers, and generally for easier configuration).
> >
> > Does anyone have arguments against such a change?
>
> Would it be possible to keep write access within subdirs, so that
> it is e.g. possible to keep master named files owned by root.root?
> (Not sure this buys anything, but it still looks good...)

We should make the /var/named directory writable for named (upstream has the same opinion, see https://bugzilla.redhat.com/show_bug.cgi?id=400461#c17). So if we make this directory writable, there is no need to ship the /var/named/{data,slaves,dynamic} subdirectories, because a non-writable /var/named directory is the only reason for them. Master zones installed by default will be root:named 644 (so no write access), and other permissions will be controlled by the administrator.

So in the end the new schema will be:

- /etc/{named.conf,rndc.conf,rndc.key} + logfile non-readable for others (ok, a world-readable named.conf is quite suspicious, so leave it private as is)
- /var/named will be writable, and read-only permissions will be set per zone by the admin
- the /var/named/* subdirectories will cease to exist and their files will be moved to /var/named/

Adam

--
Adam Tkac, Red Hat, Inc.

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
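The permission schema proposed in the message above, built in a scratch prefix and then audited, as an added example that is not part of the thread or of the Fedora bind package. It assumes things the message does not state: ownership cannot be set without root, so only mode bits are checked (the root:named ownership is left to the packager); /var/named is given mode 770 so the named group can create files in it; master zone files are assumed to be named *.zone; and GNU stat (Linux) is required for `stat -c %a`.

```shell
#!/bin/sh
# Added example (not from the thread): build the proposed BIND file layout
# under a scratch prefix and audit its mode bits against the schema:
#   - /etc/named.conf, rndc.conf, rndc.key: nothing for "others"
#   - /var/named: group-writable so named can create files in it
#   - master zones under /var/named: not writable by group or others
# Assumptions (not in the thread): mode 770 for /var/named, zone files
# named *.zone, ownership not checked because chown needs root.

# mode PATH -> octal digits as printed by GNU stat, e.g. "640"
mode() { stat -c %a "$1"; }
# Decimal digit extraction works because each octal digit is 0..7.
group_bits() { echo $(( ($1 / 10) % 10 )); }
other_bits() { echo $(( $1 % 10 )); }

# make_layout PREFIX: create the proposed schema under PREFIX.
make_layout() {
    prefix="$1"
    mkdir -p "$prefix/etc" "$prefix/var/named"
    for f in named.conf rndc.conf rndc.key; do
        : > "$prefix/etc/$f"
        chmod 640 "$prefix/etc/$f"      # intended root:named, private to others
    done
    chmod 770 "$prefix/var/named"       # named (group) may create files here
    : > "$prefix/var/named/example.com.zone"
    chmod 644 "$prefix/var/named/example.com.zone"  # master zone: read-only for named
}

# audit_layout PREFIX: print every violation, return 1 if any was found.
audit_layout() {
    prefix="$1"; rc=0
    # Config and key material must not be accessible to "others".
    for f in named.conf rndc.conf rndc.key; do
        p="$prefix/etc/$f"
        [ -e "$p" ] || continue
        m=$(mode "$p")
        if [ "$(other_bits "$m")" -ne 0 ]; then
            echo "world-accessible: $p (mode $m)"; rc=1
        fi
    done
    # The zone directory itself must be writable by the named group.
    m=$(mode "$prefix/var/named")
    if [ $(( $(group_bits "$m") & 2 )) -eq 0 ]; then
        echo "not group-writable: $prefix/var/named (mode $m)"; rc=1
    fi
    # Master zones must stay read-only for named (group) and for others.
    for z in "$prefix"/var/named/*.zone; do
        [ -e "$z" ] || continue
        m=$(mode "$z")
        if [ $(( $(group_bits "$m") & 2 )) -ne 0 ] || [ $(( $(other_bits "$m") & 2 )) -ne 0 ]; then
            echo "master zone writable by group or others: $z (mode $m)"; rc=1
        fi
    done
    return $rc
}

# Demo: build and audit a throwaway copy of the layout.
scratch=$(mktemp -d)
make_layout "$scratch"
audit_layout "$scratch" && echo "layout matches the proposed schema"
rm -rf "$scratch"
```

Run `audit_layout /` (as a user that can stat the files) against a real install to spot the two mistakes the schema is meant to prevent: rndc.key or named.conf readable by everyone, and a master zone that the named group could rewrite via DDNS or a compromised daemon.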