[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] BIND running as root
- Subject: [cobalt-security] BIND running as root
- From: "Simon Wilson" <simon@xxxxxxxxxxxxx>
- Date: Fri, 10 Aug 2001 10:55:42 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Dear all
Following Michael J. Cannon advice, reading loads of stuff I don't really
understand.. I think that my server is running BIND as root, which I believe
makes it vulnerable.
[admin /etc]$ ps -ef | grep named
root 376 1 0 Aug09 ? 00:00:00 named
admin 22535 21250 0 10:50 pts/0 00:00:00 grep named
I understand I now have to make a user and group for it to run under and
that the user must have a disabled shell and a home directory of wherever
the DNS directory is. My question is how to I do the this?
I then assign BIND to the new user and group like this?
/usr/sbin/named -u dns_user -g dns_group
I am right?
Regards
Simon
"If only we new what we where getting into we never would have done it"