* Björn Engels wrote on Sat, Mar 10, 2001 at 18:38 +0100:
> "compartment". I am wondering if it is safer if I run bind as user root, but chrooted,

No, you'll have to combine non-root and chroot of course.

> or if I run it normally, but as user named. Removing the caps option and adding --user named --group named does not work, because the server isn't allowed to bind to ports < 1024.

I run a chrooted DNS server without problems as user named. You may take a look at the "Change Root" section in my German DNS HOWTO (your e-mail suggests that you're able to read German). Port binding happens before dropping root privileges.

Please don't forget to copy the needed files to your chroot environment (some libs, /usr/sbin/named*, /dev/null, /etc/named.conf and so on). Don't forget to add /var/named.chroot/dev/log (or wherever your chroot exists) to the SYSLOGD_PARAMETER in /etc/rc.config - otherwise syslogd won't get your log messages and you're lost :).

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
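
The order described in this reply (bind the privileged port while still root, enter the chroot, then drop root for good), sketched in C as an added example; it is not BIND's code and not part of the original mail. The function names and the uid/gid 65534 are assumptions made for illustration, standing in for the real named account.

```c
/* Added illustration: order of operations for a chrooted, non-root daemon. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#endif
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Step 1 (needs root for ports < 1024): bind a UDP socket on loopback. */
int bind_udp(unsigned short port)
{
    struct sockaddr_in sa = {0};
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;                     /* stays usable after root is dropped */
}

/* Steps 2-3: enter the chroot, then give up root irrevocably.
 * Returns 0 on success or a negative code naming the step that failed. */
int confine_and_drop(const char *root, uid_t uid, gid_t gid)
{
    if (chroot(root) != 0) return -1;
    if (chdir("/") != 0) return -2;             /* no cwd left outside the jail */
    if (setgroups(1, &gid) != 0) return -3;     /* clear supplementary groups */
    if (setgid(gid) != 0) return -4;            /* group before user: needs root */
    if (setuid(uid) != 0) return -5;
    if (uid != 0 && setuid(0) == 0) return -6;  /* regaining root must fail */
    return 0;
}

int main(int argc, char **argv)
{
    /* Jail path taken from the mail; 65534 is a constructed placeholder id. */
    const char *root = argc > 1 ? argv[1] : "/var/named.chroot";
    int fd = bind_udp(53);
    if (fd < 0) { perror("bind port 53 (are you root?)"); return 1; }
    int rc = confine_and_drop(root, 65534, 65534);
    if (rc != 0) { fprintf(stderr, "step %d failed\n", -rc); return 1; }
    printf("fd %d bound to port 53, now uid %d inside %s\n", fd, (int)getuid(), root);
    return 0;
}
```

Reversing the steps reproduces the failure in the quoted question: once the process is no longer root, neither the bind to a port below 1024 nor the chroot() call is permitted.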