[OpenIndiana-discuss] OI BIND server

James Carlson carlsonj at workingcode.com
Thu Apr 12 16:05:09 UTC 2012


Mark Creamer wrote:
> Thanks Dave and Gary for the input. Once I understood where the system
> messages were going I was able to figure out that I had an issue with
> the permissions on the named.conf file I was using. I changed two
> things:
> 
> 1. chown root:sys /etc/named.conf  (It was root:root)
> 2. chmod 755 /etc/named.conf
> 
> Now it starts properly. Can anyone confirm for me that the permissions
> are correct though? I just want to make sure it's secure and I think
> 755 might not be restrictive enough??

There's probably not much sense in making a configuration file be
executable, right?

I'd make it root:root and mode 0640.  /usr/sbin/named normally runs as
UID root, GID root, but if it's different on your system, you might need
to adjust.  You could check by doing something like this:

ps -o uid,gid,comm -p `pgrep -d, named`

-- 
James Carlson         42.703N 71.076W         <carlsonj at workingcode.com>



More information about the OpenIndiana-discuss mailing list