Thanks all.
Will try sudo on it.


--- On Wed, 10/29/08, Adam Tkac wrote:

> From: Adam Tkac
> Subject: Re: is it safe to chmod +s named?
> To: "Mark Andrews"
> Cc: bind-users@isc.org
> Date: Wednesday, October 29, 2008, 7:15 AM
> On Wed, Oct 29, 2008 at 01:15:58PM +1100, Mark Andrews
> wrote:
> >
> > In message

> <611607.56975.qm@web45312.mail.sp1.yahoo.com>, Jeff
> Pang writes:
> > > Hello,
> > >
> > > I need to let apache start/stop named.
> > > I set: chmod +s named, so httpd (run with nobody)

> can stop/start it.
> > > Is it safe for this behavior? thanks.

> >
> > In general, no. Named is not designed to be run suid

> root.
> > A ordinary user can do all sorts of damage with

> named.
> >
> > I would suggest that you create a wrapper which then

> exec's
> > named with arguements that you deem safe. This

> wrapper can
> > be suid root.
> >

>
> I think this wrapper already exists and is called
> "sudo". I think the best
> solution is allow apache user to run named binary so it can
> be started
> with "sudo named ...". Usage of SUID bit looks
> like bad solution for
> me as Mark wrote.
>
> Adam
>
> --
> Adam Tkac, Red Hat, Inc.