Re: BIND less restrictive modes and policy

On Tue, Jan 22, 2008 at 09:27:14AM +0100, Enrico Scholz wrote:
> Andrew Farris <lordmorgul@xxxxxxxxx> writes:
> 
> >> pz/ and the other parts of the chroot filesystem must be read-only
> >> for named.
> >
> > And why exactly is that?
> 
> To give only the required rights is a common and working practice for
> years to secure daemons.  Fedora should not forget classical ways
> (own uid, chroot environments, restrictive permissions) just to give
> something like "easier configuration" (where I can not see how mixing
> all and everything into a single dir can ease configuration).
> 

The main reason why I want /var/named writable is that named is
designed so that this directory is supposed to be writable, not easier
configuration. It really makes problems sometimes when it is not writable.
And adding some option to the initscript which will make that directory
writable is suspicious to me.

Adam

-- 
Adam Tkac, Red Hat, Inc.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
