Skip to Main Content
Linux Server Security, Second Edition
book

Linux Server Security, Second Edition

by Michael D. Bauer
January 2005
Intermediate to advanced content levelIntermediate to advanced
544 pages
23h 44m
English
O'Reilly Media, Inc.
Content preview from Linux Server Security, Second Edition
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Securing BIND
|
181
BIND v9 supports the -u flag only for Linux systems running kernel Version 2.3.99-
pre3 or later (in real terms, Version 2.4 or later). That means that if you’re still running
a 2.2 kernel for some reason, you can’t run BIND v9 as a non-root user.
But there’s no reason you should still be clinging to Linux 2.2. At this writing (Octo-
ber 2004), Linux’s 2.4 kernel has benefitted from nearly four years of tweaks and
improvements; it no longer has anything to prove with regard to stability and secu-
rity. You really ought to be running 2.4 kernels on your Linux bastion servers.
The
-g option in BIND v8 causes named to run under the specified group name. This
option has been dropped in BIND v9, since it would be unusual to run named, which
has the privileges of a specified user, with the privileges of some group other than the
specified user’s. In other words, the group you chose when you created named’s
unprivileged user account is the group whose ID named runs under in BIND v9.
The
-t option changes (chroots) the root of all paths referenced by named. Note that
when chrooting named, this new root is applied even before named.conf is read,
which is why we must also use the
-c option to specify the location of named’s con-
figuration file.
In other words, if you invoke named ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Linux: Powerful Server Administration

Linux: Powerful Server Administration

Uday Sawant, Oliver Pelz, Jonathan Hobson, William Leemans
Linux Server Hacks

Linux Server Hacks

Rob Flickenger
Linux Server Hacks, Volume Two

Linux Server Hacks, Volume Two

William von Hagen, Brian K. Jones

Publisher Resources

ISBN: 0596006705Supplemental ContentCatalog PageErrata