permissions on /etc/namedb
Eugene Grosbein
eugen at kuzbass.ru
Sun Aug 3 18:50:40 UTC 2008
On Sun, Aug 03, 2008 at 10:31:03AM -0700, Doug Barton wrote:
> >I need /etc/namedb to be owned by root:bind and have permissions 01775,
> >so bind may write to it but may not overwrite files that belong to root
> >here, and I made it so.
> I understand your frustration with something having changed that you
> did not expect. I would like to ask you though, what are you trying to
> accomplish here? What you suggested isn't really good from a security
> perspective because if an attacker does get in they can remove files
> from the directory that are owned by root and replace them with their
> own versions.
Can he? Doesn't sticky bit on the directory prevent him from that?
> If you give me a better idea what you're trying to do then I can give
> you some suggestions on how to make it happen.
Well, I just want bind to be allowed to write to its working directory.
Yes, it's possible to redefine it but I'd rather avoid this,
to not break existing setups.
> >I dislike it very much when a system thinks it knows better what user
> >needs.
>
> So do I. :) In this case however I wanted to set up a system that is
> extremely secure by default so that the average user can be
> comfortable starting named in its default configuration.
I agree completely.
> Obviously expert users can tweak the thing themselves.
So, the question is: how to tweak?
> >Also, I do not want to move a place where bind writes its files to another
> >location just because system does not want it to write here.
>
> That's up to you of course, but it's definitely more secure in the
> long run to do it that way.
But that way prevents named from writing to its working directory,
this bothers me.
Eugene Grosbein
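
The sticky-bit question raised in this exchange, as an added example that is not part of the original message: a small model of the classic Unix rule documented in sticky(7), where an entry in a sticky directory may be removed or renamed only by a user who has write permission on the directory and is the file's owner, the directory's owner, or the superuser. The uid/gid 53 and the file names are constructed sample values; ACLs, file flags and MAC policies are not modelled.

```python
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the rule can be checked without root.
Node = namedtuple("Node", "mode uid gid")

def dir_writable(d, uid, gids):
    """True if uid/gids get write+search on directory d from its mode bits."""
    if uid == 0:
        return True
    shift = 6 if uid == d.uid else 3 if d.gid in gids else 0
    return (d.mode >> shift) & 0o3 == 0o3  # w (2) and x (1) both set

def can_create(d, uid, gids):
    """Creating a new entry needs only write+search on the directory."""
    return dir_writable(d, uid, gids)

def can_remove(d, f, uid, gids):
    """May uid unlink or rename entry f inside directory d?"""
    if uid == 0:
        return True
    if not dir_writable(d, uid, gids):
        return False
    if d.mode & stat.S_ISVTX:  # sticky: only file owner or directory owner
        return uid in (f.uid, d.uid)
    return True

def audit(d, entries, uid, gids):
    """Names in entries that uid could delete or replace by rename."""
    return sorted(n for n, f in entries.items() if can_remove(d, f, uid, gids))

# Constructed sample: uid/gid 53 stands for the bind user (assumed value).
BIND_UID, BIND_GIDS = 53, {53}
STICKY = Node(0o1775, 0, 53)   # root:bind, mode 01775 as in the message
PLAIN = Node(0o0775, 0, 53)    # same directory without the sticky bit
ENTRIES = {
    "named.conf": Node(0o644, 0, 0),          # root-owned config
    "slave.example.db": Node(0o644, 53, 53),  # bind-owned zone copy
}

if __name__ == "__main__":
    for label, d in (("01775", STICKY), ("0775", PLAIN)):
        print(label, "bind can create:", can_create(d, BIND_UID, BIND_GIDS),
              "bind can remove:", audit(d, ENTRIES, BIND_UID, BIND_GIDS))
```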