Re: is it safe to chmod +s named?
In message <email@example.com>, Jeff Pang writes:[color=blue]
> I need to let apache start/stop named.
> I set: chmod +s named, so httpd (run with nobody) can stop/start it.
> Is it safe for this behavior? thanks.[/color]
In general, no. Named is not designed to be run suid root.
A ordinary user can do all sorts of damage with named.
I would suggest that you create a wrapper which then exec's
named with arguements that you deem safe. This wrapper can
be suid root.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email]Mark_Andrews@isc.org[/email]