authorPatrick J Volkerding <volkerdi@slackware.com>2020-02-20 23:40:12 +0000
committerEric Hameleers <alien@slackware.com>2020-02-21 08:59:49 +0100
commit7ca677f34e2bc1408813c8cf7a22de78b8c8ff53 (patch)
tree24c67d046501bbfebb4c71da5b6ae6931abbb855 /source/n/bind/rc.bind
parent2ae63821ddbd9233bed2d74d4b138ca7e5a684bd (diff)
downloadcurrent-7ca677f34e2bc1408813c8cf7a22de78b8c8ff53.tar.gz
Thu Feb 20 23:40:12 UTC 202020200220234012
a/ed-1.16-x86_64-1.txz: Upgraded. l/gtk+3-3.24.14-x86_64-3.txz: Rebuilt. Rebuilt to add wayland backend. l/libuv-1.34.2-x86_64-1.txz: Added. This is needed by bind-9.16.0. l/qt5-5.13.2-x86_64-2.txz: Rebuilt. Rebuilt to add wayland support. Use the system ffmpeg, not the bundled one. n/bind-9.16.0-x86_64-1.txz: Upgraded. rc.bind: don't change file ownerships in /var/named. Thanks to voegelas. n/proftpd-1.3.6c-x86_64-1.txz: Upgraded. No CVEs assigned, but this sure looks like a security issue: Use-after-free vulnerability in memory pools during data transfer. (* Security fix *) x/libinput-1.15.2-x86_64-1.txz: Upgraded. x/xkbcomp-1.4.3-x86_64-1.txz: Upgraded. testing/packages/PAM/proftpd-1.3.6c-x86_64-1_pam.txz: Upgraded. No CVEs assigned, but this sure looks like a security issue: Use-after-free vulnerability in memory pools during data transfer. (* Security fix *)
Diffstat (limited to 'source/n/bind/rc.bind')
-rw-r--r--source/n/bind/rc.bind15
1 files changed, 10 insertions, 5 deletions
diff --git a/source/n/bind/rc.bind b/source/n/bind/rc.bind
index d58dc1e3..91ff8ce1 100644
--- a/source/n/bind/rc.bind
+++ b/source/n/bind/rc.bind
@@ -1,7 +1,7 @@
#!/bin/sh
# Start/stop/restart the BIND name server daemon (named).
-# Start bind. In the past it was more secure to run BIND as a non-root
+# Start BIND. In the past it was more secure to run BIND as a non-root
# user (for example, with '-u daemon'), but the modern version of BIND
# knows how to use the kernel's capability mechanism to drop all root
# privileges except the ability to bind() to a privileged port and set
@@ -10,6 +10,10 @@
# can be set like this in /etc/default/named:
# NAMED_OPTIONS="-u daemon"
# So you will not have to edit this script.
+#
+# Please note that if you run BIND as a non-root user, your files in
+# /var/named may need to be chowned to this user or else named will
+# refuse to start.
# You might also consider running BIND in a "chroot jail",
# a discussion of which may be found in
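Review bot: The added comment tells the admin to chown the files in /var/named to the unprivileged user, which gives that account write access to every zone file, probably more than named needs. For zone files that named only loads, read access should be enough, and ownership is likely needed only where named itself writes (for example secondary zone, journal or managed-keys directories); worth confirming against the local named.conf. I would reword it along the lines of `# /var/named must be readable by this user, and only the directories` / `# named writes to need to be owned by it, or else named may refuse to start.` The comment added inside bind_start in the last hunk repeats the same chown advice and could be adjusted the same way.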
@@ -53,14 +57,15 @@ find_bind_user() {
# running or you'll get more than one copy running.
bind_start() {
# If we are running as a non-root user, we'll need to be sure that
- # /var/run/named exists, and /var/run/named and /var/named are
- # chowned properly to that user:
+ # /var/run/named exists, and /var/run/named is chowned properly to
+ # that user. Your files in /var/named may need to be chowned as
+ # well, but that will be up to the sysadmin to do.
BIND_USER="$(find_bind_user)"
if [ ! "$BIND_USER" = "root" ]; then
mkdir -p /var/run/named
- chown -R $BIND_USER /var/run/named /var/named
+ chown -R $BIND_USER /var/run/named
else # prevent error if switching back to running as root:
- chown -R root /var/run/named /var/named
+ chown -R root /var/run/named
fi
if [ -x /usr/sbin/named ]; then
echo "Starting BIND: /usr/sbin/named $NAMED_OPTIONS"
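Review bot: `$BIND_USER` is expanded unquoted in the new `chown -R $BIND_USER /var/run/named` line, so an empty or multi-word result from find_bind_user (defined outside this hunk) changes which argument chown reads as the owner; `chown -R "$BIND_USER" /var/run/named` keeps it a single word. `mkdir -p /var/run/named` runs only in the non-root branch, so the else branch's `chown -R root /var/run/named` prints an error whenever the directory does not exist yet; moving the mkdir above the `if` would cover both branches. The script runs as root and, after the first non-root start, recurses into a tree the service account owns, so it may be worth checking whether a non-recursive chown of the directory itself would be sufficient. bind_start continues past the end of the hunk.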