Debian Bug report logs - #53550
bind: WISH: run nameserver as user bind, group bind

Package: bind9; Maintainer for bind9 is LaMont Jones <lamont@debian.org>; Source for bind9 is src:bind9.

Reported by: inaky@teknoland.com

Date: Mon, 27 Dec 1999 15:03:03 UTC

Severity: wishlist

Tags: patch

Merged with 50013, 52745, 128129, 132582, 157245

Done: Thomas Goirand <thomas@goirand.fr>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#53550; Package bind. Full text and rfc822 format available.

Acknowledgement sent to inaky@teknoland.com:
New Bug report received and forwarded. Copy sent to Bdale Garbee <bdale@gag.com>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: inaky@teknoland.com
To: submit@bugs.debian.org
Subject: bind: WISH: run nameserver as user bind, group bind
Date: Mon, 27 Dec 1999 16:00:55 +0100 (CET)
Package: bind
Version: 1:8.2.2p5-4
Severity: wishlist

        Hi

        I'd like to suggest adding a system user bind and group
bind. The nameserver 'named' would be run under this one (using
switches -g and -u at /etc/init.d/bind#start), and then, after
nameserver start, the user and group of /var/run/ndc would be changed
to bind.bind, as well as the mode to g+w, to allow members of group
bind access to the name server control facilities.

        I've been using this approach for a while now and it works
flawlessly. Only glitch I've found is PID file creation after named
drops root privileges.

        Thanks,

        Your happy Debian user

-- System Information
Debian Release: potato
Kernel Version: Linux lithium 2.2.12 #7 vie nov 12 21:03:02 CET 1999 i686 unknown

Versions of the packages bind depends on:
ii  libc6           2.1.2-10       GNU C Library: Shared libraries and timezone
ii  netbase         3.16-8         Basic TCP/IP networking binaries

--- Begin /etc/init.d/bind (modified conffile)
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
test -x /usr/sbin/named || exit 0
case "$1" in
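    start)
	echo -n "Starting domain name service: named"
	# Run named as the unprivileged user and group bind
	start-stop-daemon --start --quiet --exec /usr/sbin/named \
	    -- -u bind -g bind
	echo "."
	# Let members of group bind use the ndc control socket;
	# user:group is the portable chown separator
	chown bind:bind /var/run/ndc
	chmod gu=rw,o= /var/run/ndc
    ;;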
    stop)
	echo -n "Stopping domain name service: named"
	start-stop-daemon --stop --quiet  \
	    --pidfile /var/run/named.pid --exec /usr/sbin/named
	echo "."	
    ;;
    restart)
	/usr/sbin/ndc restart
    ;;
    
    reload)
	/usr/sbin/ndc reload
    ;;
    force-reload)
        $0 restart
    ;;
    *)
	echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
	exit 1
    ;;
esac
exit 0

--- End /etc/init.d/bind

--- Begin /etc/bind/named.conf (modified conffile)
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind/README.Debian for information on the 
// structure of BIND configuration files in Debian for BIND versions 8.2.1 
// and later, *BEFORE* you customize this configuration file.
//
options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below.  Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.
        // query-source address * port 53;
	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.
	// forwarders {
	// 	0.0.0.0;
	// };
};
// reduce log verbosity on issues outside our control
logging {
	category lame-servers { null; };
	category cname { null; };
};
// prime the server with knowledge of the root servers
//zone "." {
//        type hint;
//        file "/etc/bind/db.root";
//};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
// add entries for other zones below here
// TeknoDNS system: forward zone information
include "/var/lib/teknodns/db/zones.conf";
// TeknoDNS system: reverse zone information
include "/var/lib/teknodns/db/izones.conf";

--- End /etc/bind/named.conf
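
As an added example (not part of the original report or of the Debian package), the shell functions below check that a host matches the setup proposed above: the control socket owned by the bind user and group with no access for others, and no named process still running as root. It assumes GNU stat; the function names and the invocation shown in the comments are illustrative.

```shell
#!/bin/sh
# Added example: audit the non-root named setup described in the report.
# Function names are illustrative; nothing here comes from the bind package.

# check_ctl_perms PATH UID GID
# Returns 0 only if PATH is owned by numeric UID:GID, is group read/write
# and grants nothing to "other". Returns 2 if PATH is missing or a symlink,
# 1 on any ownership or mode mismatch.
check_ctl_perms() {
    cp_path=$1; cp_uid=$2; cp_gid=$3
    if [ -L "$cp_path" ] || [ ! -e "$cp_path" ]; then
        echo "$cp_path: missing or a symlink" >&2
        return 2
    fi
    # GNU stat: numeric owner, numeric group, octal mode, e.g. "105 110 660"
    set -- $(stat -c '%u %g %a' "$cp_path")
    cp_rc=0
    if [ "$1" != "$cp_uid" ] || [ "$2" != "$cp_gid" ]; then
        echo "$cp_path: owner $1:$2, expected $cp_uid:$cp_gid" >&2
        cp_rc=1
    fi
    # A leading 0 makes the shell read the mode as octal
    if [ $(( 0$3 & 007 )) -ne 0 ]; then
        echo "$cp_path: mode $3 grants access to other" >&2
        cp_rc=1
    fi
    if [ $(( 0$3 & 060 )) -ne $(( 060 )) ]; then
        echo "$cp_path: mode $3 lacks group read/write" >&2
        cp_rc=1
    fi
    return $cp_rc
}

# root_daemon_pids NAME
# Reads "user pid command" lines on stdin and prints the PID of every
# process called NAME that runs as root (by name or as uid 0).
root_daemon_pids() {
    awk -v name="$1" '$3 == name && ($1 == "root" || $1 == "0") { print $2 }'
}

# On the host, with the path and account names used in the report:
#   check_ctl_perms /var/run/ndc "$(id -u bind)" \
#       "$(getent group bind | cut -d: -f3)"
#   ps -e -o user= -o pid= -o comm= | root_daemon_pids named
```

Any PID printed by root_daemon_pids means the -u and -g switches did not take effect for that process.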


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#53550; Package bind. Full text and rfc822 format available.

Acknowledgement sent to Bdale Garbee <bdale@gag.com>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 53550@bugs.debian.org (full text, mbox):

From: Bdale Garbee <bdale@gag.com>
To: inaky@teknoland.com, 53550@bugs.debian.org
Subject: Re: Bug#53550: bind: WISH: run nameserver as user bind, group bind
Date: Mon, 27 Dec 1999 10:25:37 -0700 (MST)
In article <m122bdn-000RiPC@localhost> you wrote:

>         I've been using this approach for a while now and it works
> flawlessly. Only glitch I've found is PID file creation after named
> drops root privileges.

As long as you have no dynamic interfaces (like PCMCIA card-provided 
interfaces) this will work fine.  If you aren't running as root, BIND will not
notice nor serve requests on interfaces that weren't present when it was
launched.

The request to configure BIND to run non-root is a persistent one, though, so
I suspect I'll address it somehow after the potato release.

Bdale


Merged 50013 53550. Request was from bdale@gag.com (Bdale Garbee) to control@bugs.debian.org. Full text and rfc822 format available.

Merged 50013 52745 53550. Request was from bdale@gag.com (Bdale Garbee) to control@bugs.debian.org. Full text and rfc822 format available.

Merged 50013 52745 53550 128129. Request was from bdale@gag.com (Bdale Garbee) to control@bugs.debian.org. Full text and rfc822 format available.

Merged 50013 52745 53550 128129 132582. Request was from bdale@gag.com (Bdale Garbee) to control@bugs.debian.org. Full text and rfc822 format available.

Merged 50013 52745 53550 128129 132582 157245. Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `bind' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:09 GMT) Full text and rfc822 format available.

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:18 GMT) Full text and rfc822 format available.

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:35 GMT) Full text and rfc822 format available.

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:38 GMT) Full text and rfc822 format available.

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:40 GMT) Full text and rfc822 format available.

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:08:24 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#53550; Package bind9. Full text and rfc822 format available.

Acknowledgement sent to Marco Rodrigues <gothicx@sapo.pt>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. Full text and rfc822 format available.

Message #37 received at 53550@bugs.debian.org (full text, mbox):

From: Marco Rodrigues <gothicx@sapo.pt>
To: 402231@bugs.debian.org, 92147@bugs.debian.org, 52745@bugs.debian.org, 197670@bugs.debian.org, 481921@bugs.debian.org, 157245@bugs.debian.org, 248193@bugs.debian.org, 442910@bugs.debian.org, 81252@bugs.debian.org, 156349@bugs.debian.org, 94760@bugs.debian.org, 212625@bugs.debian.org, 260915@bugs.debian.org, 402232@bugs.debian.org, 86488@bugs.debian.org, 149342@bugs.debian.org, 282239@bugs.debian.org, 128129@bugs.debian.org, 62547@bugs.debian.org, 106789@bugs.debian.org, 46856@bugs.debian.org, 85081@bugs.debian.org, 242579@bugs.debian.org, 45470@bugs.debian.org, 50013@bugs.debian.org, 88326@bugs.debian.org, 95773@bugs.debian.org, 190577@bugs.debian.org, 53550@bugs.debian.org, 132492@bugs.debian.org, 24280@bugs.debian.org, 441290@bugs.debian.org, 88982@bugs.debian.org, 355787@bugs.debian.org, 199252@bugs.debian.org, 70079@bugs.debian.org, 213706@bugs.debian.org, 129710@bugs.debian.org, 170872@bugs.debian.org, 86013@bugs.debian.org, 280955@bugs.debian.org, 260759@bugs.debian.org, 99538@bugs.debian.org, 234167@bugs.debian.org, 132582@bugs.debian.org, 81190@bugs.debian.org, 352054@bugs.debian.org, 169124@bugs.debian.org, 132494@bugs.debian.org, 55032@bugs.debian.org, 85909@bugs.debian.org, 197669@bugs.debian.org, control@bugs.debian.org, bind9@packages.debian.org
Subject: Reassigning bugs from bind to bind9
Date: Sun, 13 Jul 2008 23:01:40 +0100
reassign 402231 bind9
reassign 92147 bind9
reassign 52745 bind9
reassign 197670 bind9
reassign 481921 bind9
reassign 157245 bind9
reassign 248193 bind9
reassign 442910 bind9
reassign 81252 bind9
reassign 156349 bind9
reassign 94760 bind9
reassign 212625 bind9
reassign 260915 bind9
reassign 402232 bind9
reassign 86488 bind9
reassign 149342 bind9
reassign 282239 bind9
reassign 128129 bind9
reassign 62547 bind9
reassign 106789 bind9
reassign 46856 bind9
reassign 85081 bind9
reassign 242579 bind9
reassign 45470 bind9
reassign 50013 bind9
reassign 88326 bind9
reassign 95773 bind9
reassign 190577 bind9
reassign 53550 bind9
reassign 132492 bind9
reassign 24280 bind9
reassign 441290 bind9
reassign 88982 bind9
reassign 355787 bind9
reassign 199252 bind9
reassign 70079 bind9
reassign 213706 bind9
reassign 129710 bind9
reassign 170872 bind9
reassign 86013 bind9
reassign 280955 bind9
reassign 260759 bind9
reassign 99538 bind9
reassign 234167 bind9
reassign 132582 bind9
reassign 81190 bind9
reassign 352054 bind9
reassign 169124 bind9
reassign 132494 bind9
reassign 55032 bind9
reassign 85909 bind9
reassign 197669 bind9
thanks

The bind package has been removed from Debian testing, unstable and
experimental. I am reassigning its bugs to the bind9 package. Please
have a look at them, and close them if they don't apply to
bind9 anymore.

Don't hesitate to reply to this mail if you have any question.

--
Marco Rodrigues
http://Marco.Tondela.org




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 15 Oct 2011 07:32:17 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 06:25:00 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.