[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: More BIND thoughts
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 16 Jan 1999, Jason Pincin wrote:
> > So, the question is:
> > What's more important- security or standard file placement?
> > I opt for security.
>
> Definately security. Agreed. And I understood the fact that named was
> running as a seperate user (named). My method of getting around that
> would be to create a group such as 'daemon' or what not for var/log
> permissions and var/run. For /etc you would just need file level group
> changes. Etc...
>
> Again... just a thought, if people think it's better to let everything
> reside in home, I'll go along with that... let me know your thoughts on
> the above though.
A wise man told me: If it ain't broke don't fix it. Considering all the
other work we need to do to get the site operational, I say leave it.
> On a side note... I understand as well that it's an RPM so moving stuff
> around is a bad idea there... we'd have ta go to the source.
>
> Another idea is to just create links from all the standard places. You
> could link /etc/named.conf and /var/log/named and /var/run/named.pid back
> to the proper files/directories as well.
See my other email on DNS where I explain why this is not a good idea.
- --
Aaron Turner | Either which way, one half dozen or another.
aturner@pobox.com | Check out the Red Hat Linux User's FAQ Online!
www.pobox.com/~aturner | http://www.pobox.com/~aturner/RedHat-FAQ/
All emails from this account are PGP signed. Lack of a signature is "bad".
PGP Key fingerprint = FB E1 CE ED 57 E4 AB 80 59 6E 60 BF 45 1B 20 E8
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNqEK/TM3jpXy1kJtAQFgrwP+JlmWTvYf6dkTdS5z7TnLWz2codhrmTMV
YhgTP9GpIx7SNl9OnD1rnpBlf9rXJIr+v9zSUHRKacRO+dZGqPJEmvnfC9j46WG1
jJjm7ebjl/l4tOVR/EOhjzvt+jZv8tSKFz4yb7Nxc3nGvDwXXROy9zHLxpM5eIFk
T3J3pdRkAKY=
=FqZR
-----END PGP SIGNATURE-----