[oi-dev] Anybody else running named on OI

stes@PANDORA.BE stes at telenet.be
Fri Oct 23 16:12:43 UTC 2020 

You could write a manpage which specifically discusses OpenIndiana SMF bind,
such as dns-server (1m) for example, and which if you'd type

 man dns-server

would give you a list of the SMF properties and discuss the SMF for dns-server.

Possibly this manpage could have an example that shows that you have chown the directory to user named,
as in "Establishing Appropriate Authorization for user 'named'".

But the same problem: who'd look in there ??  But such a document (manpage) can be useful.

If you'd contribute such a manpage you could create a GIT pull request and add a file:

    oi-userland/components/network/bind/Solaris/dns-server.1m

and then propose a change in the manifest:

file Solaris/dns-server.1m path=usr/share/man/man1m/dns-server.1m


Regards,
David Stes

----- Op 23 okt 2020 om 16:22 schreef Gary Mills gary_mills at fastmail.fm:

> On Fri, Oct 23, 2020 at 08:49:17AM +0200, stes at PANDORA.BE wrote:
>> 
>> It's true that running BIND with -u option (e.g. -u named) is a
>> classical way to run BIND as non-root, so the SMF service could (or
>> already is) encourage that.
> 
> Yes, that is the default under OI.  I thought at first that it was
> broken, but with further reading I discovered that it was not broken.
> 
>> If you check out with GIT : git clone oi-userland
>> and you check the Makefile of the components/network/bind
>> 
>> There is a directory
>> 
>>    oi-userland/components/network/bind/Solaris
>> 
>> For the server.xml there is a comment
>> 
>>         <!--
>>                 user: Run bind as the specified users, using the -u
>>                 command line option.
>>         -->
>>         <propval name='user' type='astring' value='named' />
> 
> Yes, that is the SMF manifest.
> 
>> Perhaps you can add as a comment there what you have discovered ?
> 
> I don't really want to modify the source just to add a comment.
> 
>> This can be a note in the server.xml comments that could be useful
>> for other users,
>> so that they don't run into that same issue.
> 
> Who would look there?  A document on the web site or a change to a
> man page would be more appropriate.  As it stands now, there is not
> even a word about SMF in the bind man pages.  People won't even run
> bind on OI if they can't even tell how to start it.
> 
> 
> --
> -Gary Mills-		-refurb-		-Winnipeg, Manitoba, Canada-
> 
> _______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> https://openindiana.org/mailman/listinfo/oi-dev

More information about the oi-dev mailing list