Debian Bug report logs - #157245
bind: Please consider providing an easy way to run named as other user != root

Package: bind9; Maintainer for bind9 is LaMont Jones <lamont@debian.org>; Source for bind9 is src:bind9.

Reported by: "Javier Fernandez-Sanguino Pena" <jfs@dat.etsit.upm.es>

Date: Mon, 19 Aug 2002 09:03:04 UTC

Severity: wishlist

Tags: patch

Merged with 50013, 52745, 53550, 128129, 132582

Done: Thomas Goirand <thomas@goirand.fr>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>, bind@packages.qa.debian.org:
Bug#157245; Package bind.

Acknowledgement sent to "Javier Fernandez-Sanguino Pena" <jfs@dat.etsit.upm.es>:
New Bug report received and forwarded. Copy sent to Bdale Garbee <bdale@gag.com>, bind@packages.qa.debian.org.

Message #5 received at submit@bugs.debian.org:

From: "Javier Fernandez-Sanguino Pena" <jfs@dat.etsit.upm.es>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bind: Please consider providing an easy way to run named as other user != root
Date: Mon, 19 Aug 2002 10:56:38 +0200
Package: bind
Version: 1:8.3.3-0.woody.1
Severity: wishlist
Tags: patch security

Of course, this bug is related to #104191, #132582, #50013 (and all the
merged bugs) but does not try to close any of them (and is a different
approach than #104191 so I'm not sending a follow up there).

The maintainer has (in #53550) said that he was willing to fix this after
potato but, as a matter of fact, none of the bugs have been closed for
woody.

I suggest providing an easy way to both satisfy the maintainer (i.e. keep
laptops with bind working) and satisfy end-users (admins) who might be
running bind on mission critical servers (i.e. *not* laptops, but servers
connected to the Internet). This bug report includes a patch that moves
towards that end; the approach would be:

1.- include this patch (or patch #104191 since they provide the same
functionality, the latest one might be more versatile but does not
prevent the user from shooting himself in the foot) in the next release.
No USER/GROUP should be defined (so the setup would not change)

2.- Ask base-passwd to add the 'named' user and group

3.- (once 2 is done) submit a new package with debconf configuration that
substitutes either RUNUSER/RUNGROUP or OPTIONS in the init.d or default's
files. The question (medium priority) would be:
"Do you want named to *not* run as root?" Also the question should include
the relevant information (i.e. PCMCIA problems) why a user might not want
this. However, the default answer should be "yes". If so, the package should
substitute so that the used USER was 'named'.

4.- (together with 3) Files under /etc/bind as well as log files
(/var/log/named? are they active by default) should be group 'named' user
'root' and probably have 640 permissions.

(all these could be submitted as new bug reports once 1) is done :)


The patch below has been (slightly) tested, maybe you could submit a bind
package to experimental with the patch applied and ask for testers in
debian-security. I gather that, 'bind' being a *very* sensitive package, you
do not want to introduce patches that would break it... however, that's what
'unstable' is for, isn't it? :)

Regards

	Javi


PS: For more information (recovered from discussions in the debian-security
mailing list) please read
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux avalon 2.4.18 #1 SMP mié abr 3 12:47:49 CEST 2002 i686
Locale: LANG=es_ES@euro, LC_CTYPE=es_ES@euro

Versions of packages bind depends on:
ii  libc6                         2.2.5-11.1 GNU C Library: Shared libraries an
ii  netbase                       4.07       Basic TCP/IP networking system

--- bind.orig	Mon Aug 19 10:23:09 2002
+++ bind	Mon Aug 19 10:33:07 2002
@@ -4,10 +4,34 @@
 
 test -x /usr/sbin/named || exit 0
 
+# Set the user you want the name server to run as
+# here (default is root). Make sure the user exists
+# in the system before doing so.
+#RUNUSER=named
+#RUNGROUP=named
+
 start () {
 	echo -n "Starting domain name service: named"
-	start-stop-daemon --start --quiet \
-	    --pidfile /var/run/named.pid --exec /usr/sbin/named 
+	if [ -z "$RUNUSER" -o -z "$RUNGROUP" ] 
+	then
+	# Default behavior run as root:
+		start-stop-daemon --start --quiet \
+		--pidfile /var/run/named.pid --exec /usr/sbin/named 
+	else
+	# Check if the user and group exists first
+	RUNUSEREXIST=`/bin/grep  ^$RUNUSER /etc/passwd`
+	RUNGROUPEXIST=`/bin/grep ^$RUNGROUP /etc/group`
+	if [ -n "$RUNUSEREXIST" -a -n "$RUNGROUPEXIST" ] 
+		then
+			start-stop-daemon --start --quiet \
+			--pidfile /var/run/named.pid --exec /usr/sbin/named -- -u $RUNUSER -g $RUNGROUP
+	else 
+		echo -n "WARN: named will not run as $RUNUSER/$RUNGROUP since one (or both) of them does not exist in yor system. Running as root"
+		start-stop-daemon --start --quiet \
+		--pidfile /var/run/named.pid --exec /usr/sbin/named 
+	fi
+	fi
+
 	echo "."	
 }
 
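Review bot: the existence check `RUNUSEREXIST=\`/bin/grep ^$RUNUSER /etc/passwd\`` (and its RUNGROUP twin) is a prefix match, so RUNUSER=named is also satisfied by any account whose name merely starts with "named"; anchor it on the field separator (`grep "^${RUNUSER}:" /etc/passwd`) or, better, resolve the name through NSS with `id "$RUNUSER"` or `getent passwd "$RUNUSER"`, which also covers accounts that are not in the local passwd file. More importantly, the fallback `else` branch starts named as root when the configured user or group is missing: an administrator who set RUNUSER explicitly asked for a privilege drop, so that branch should print the error and exit non-zero rather than silently running as root. The warning itself uses `echo -n`, so it runs together with the closing `echo "."` on one line, and contains a typo ("yor"). Minor: the inner `if`/`then`/`else`/`fi` is indented inconsistently with the rest of the script.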
@@ -37,7 +61,16 @@
     ;;
     
     reload)
+	if [ -z "$RUNUSER" -o -z "$RUNGROUP" ] 
+	then
 	/usr/sbin/ndc reload
+	else
+	# We do not want to use ndc as root if the user wants another user
+	# better use the same as restart
+	stop
+	sleep 2
+	start
+	fi
     ;;
 
     *)
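Review bot: turning `reload` into `stop`, `sleep 2`, `start` whenever RUNUSER and RUNGROUP are set changes reload from a zone re-read into a full restart, which discards the resolver cache, leaves the service down for at least two seconds, and relies on a fixed sleep instead of waiting for the old process to exit. If the only concern is that root should not drive ndc against a named running as another user, the reload can be requested without ndc by signalling the daemon through its pidfile, for example `start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/named.pid` (named re-reads its configuration on SIGHUP); that preserves the distinction between reload and restart that the rest of the script keeps. Minor: the added `if`/`else`/`fi` is indented inconsistently with the surrounding `case` body.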


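The steps above ask for an init script that only starts named under the configured user and group when both really exist. As an added example, not part of the bug report or of the Debian bind package, here is a fail-closed version of that check written for POSIX sh: names are resolved exactly through getent(1) (assumed available, as it is with glibc) rather than by a prefix grep on /etc/passwd, and a configured but missing user or group is an error instead of a silent fallback to root. The helper names (`user_exists`, `named_run_args`, `named_start_cmd`) are this example's own; the `-u`/`-g` switches and the start-stop-daemon line are the ones used in the submitted patch.

```shell
#!/bin/sh
# Added example (not from the bug report or the Debian package): a fail-closed
# variant of the RUNUSER/RUNGROUP check from the submitted init script patch.
# Assumes getent(1) is available and that named accepts -u USER -g GROUP.

# Exact-name lookups through NSS. A plain "grep ^name /etc/passwd" would also
# match any account whose name starts with "name".
user_exists()  { getent passwd "$1" >/dev/null 2>&1; }
group_exists() { getent group  "$1" >/dev/null 2>&1; }

# Print the extra arguments for named, or fail:
#   - both variables empty        -> print nothing (run as root, the default)
#   - both set and both resolve   -> print "-u USER -g GROUP"
#   - anything else               -> diagnostic on stderr, return 1
# The caller must treat a non-zero status as "do not start", never as
# "start as root anyway": the administrator asked for a privilege drop.
named_run_args() {
    user="$1"
    group="$2"
    if [ -z "$user" ] && [ -z "$group" ]; then
        return 0
    fi
    if [ -z "$user" ] || [ -z "$group" ]; then
        echo "ERROR: RUNUSER and RUNGROUP must both be set" >&2
        return 1
    fi
    if ! user_exists "$user"; then
        echo "ERROR: user '$user' does not exist; refusing to start as root" >&2
        return 1
    fi
    if ! group_exists "$group"; then
        echo "ERROR: group '$group' does not exist; refusing to start as root" >&2
        return 1
    fi
    printf '%s' "-u $user -g $group"
}

# Compose (but do not execute) the start-stop-daemon command line the init
# script would run. Returns 1, printing nothing, when the check above fails.
named_start_cmd() {
    args=$(named_run_args "$1" "$2") || return 1
    base="start-stop-daemon --start --quiet --pidfile /var/run/named.pid --exec /usr/sbin/named"
    if [ -n "$args" ]; then
        printf '%s' "$base -- $args"
    else
        printf '%s' "$base"
    fi
}

# Stand-alone demonstration: the first call composes a command, the second
# refuses because the (constructed) account name does not exist.
named_start_cmd root root; echo
named_start_cmd nosuchuser_example root || echo "start refused (exit $?)"
```

In a real init script the variables would come from /etc/default/bind rather than being passed as arguments, and the `start` function would run the composed command with `$RUNUSER`/`$RUNGROUP` and `exit 1` on failure instead of echoing it.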


Tags removed: security. Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org.

Merged 50013 52745 53550 128129 132582 157245. Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#157245; Package bind.

Acknowledgement sent to Marco Rodrigues <gothicx@sapo.pt>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.

Message #14 received at 157245@bugs.debian.org:

From: Marco Rodrigues <gothicx@sapo.pt>
To: 402231@bugs.debian.org, 92147@bugs.debian.org, 52745@bugs.debian.org, 197670@bugs.debian.org, 481921@bugs.debian.org, 157245@bugs.debian.org, 248193@bugs.debian.org, 442910@bugs.debian.org, 81252@bugs.debian.org, 156349@bugs.debian.org, 94760@bugs.debian.org, 212625@bugs.debian.org, 260915@bugs.debian.org, 402232@bugs.debian.org, 86488@bugs.debian.org, 149342@bugs.debian.org, 282239@bugs.debian.org, 128129@bugs.debian.org, 62547@bugs.debian.org, 106789@bugs.debian.org, 46856@bugs.debian.org, 85081@bugs.debian.org, 242579@bugs.debian.org, 45470@bugs.debian.org, 50013@bugs.debian.org, 88326@bugs.debian.org, 95773@bugs.debian.org, 190577@bugs.debian.org, 53550@bugs.debian.org, 132492@bugs.debian.org, 24280@bugs.debian.org, 441290@bugs.debian.org, 88982@bugs.debian.org, 355787@bugs.debian.org, 199252@bugs.debian.org, 70079@bugs.debian.org, 213706@bugs.debian.org, 129710@bugs.debian.org, 170872@bugs.debian.org, 86013@bugs.debian.org, 280955@bugs.debian.org, 260759@bugs.debian.org, 99538@bugs.debian.org, 234167@bugs.debian.org, 132582@bugs.debian.org, 81190@bugs.debian.org, 352054@bugs.debian.org, 169124@bugs.debian.org, 132494@bugs.debian.org, 55032@bugs.debian.org, 85909@bugs.debian.org, 197669@bugs.debian.org, control@bugs.debian.org, bind9@packages.debian.org
Subject: Reassigning bugs from bind to bind9
Date: Sun, 13 Jul 2008 23:01:40 +0100
reassign 402231 bind9
reassign 92147 bind9
reassign 52745 bind9
reassign 197670 bind9
reassign 481921 bind9
reassign 157245 bind9
reassign 248193 bind9
reassign 442910 bind9
reassign 81252 bind9
reassign 156349 bind9
reassign 94760 bind9
reassign 212625 bind9
reassign 260915 bind9
reassign 402232 bind9
reassign 86488 bind9
reassign 149342 bind9
reassign 282239 bind9
reassign 128129 bind9
reassign 62547 bind9
reassign 106789 bind9
reassign 46856 bind9
reassign 85081 bind9
reassign 242579 bind9
reassign 45470 bind9
reassign 50013 bind9
reassign 88326 bind9
reassign 95773 bind9
reassign 190577 bind9
reassign 53550 bind9
reassign 132492 bind9
reassign 24280 bind9
reassign 441290 bind9
reassign 88982 bind9
reassign 355787 bind9
reassign 199252 bind9
reassign 70079 bind9
reassign 213706 bind9
reassign 129710 bind9
reassign 170872 bind9
reassign 86013 bind9
reassign 280955 bind9
reassign 260759 bind9
reassign 99538 bind9
reassign 234167 bind9
reassign 132582 bind9
reassign 81190 bind9
reassign 352054 bind9
reassign 169124 bind9
reassign 132494 bind9
reassign 55032 bind9
reassign 85909 bind9
reassign 197669 bind9
thanks

The bind package has been removed from Debian testing, unstable and
experimental. I am reassigning its bugs to the bind9 package. Please
have a look at them, and close them if they don't apply to
bind9 anymore.

Don't hesitate to reply to this mail if you have any question.

--
Marco Rodrigues
http://Marco.Tondela.org




Bug reassigned from package `bind' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:12 GMT)

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:16 GMT)

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:36 GMT)

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:38 GMT)

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:59 GMT)

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:08:25 GMT)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 15 Oct 2011 07:32:17 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 06:45:45 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.