I thank gabriel rosenkoetter and Toens Bueker for their replies. The answer is:
# named -u <uid> -g <gid>
But doing this alone isn't enough. Gabriel suggested this:
http://www.securityfocus.com/focus/sun/articles/bind-inst.html
Toens pointed to this:
Both of them are really good.
Thanks again.
Rui
> This is one advice on correcting the problem from
> http://www.sans.org/topten.htm, How To Eliminate The Ten Most Critical
> Internet Security Threats:
>
> C. Run BIND as a non-privileged user for protection in the event of future
> remote-compromise attacks. (However, only processes running as root can be
> configured to use ports below 1024 - a requirement for DNS. Therefore you must
> configure BIND to change the user-id after binding to the port.)
>
> My question is, how to configure BIND to change the user-id after binding to
> the port?
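
A way to confirm that `named -u <uid> -g <gid>` actually took effect, as an added example that is not part of the original post or of BIND: it reads `user pid args` lines and flags any name server still running as root. The function names, the `named`/`in.named` process names it matches, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit "user pid args" lines for named processes
# that did not give up root after binding to port 53.

audit_named() {
    awk '
    {
        user = $1; pid = $2
        n = split($3, path, "/"); prog = path[n]
        # Only look at the name server (assumed binary names).
        if (prog != "named" && prog != "in.named") next
        # Find the value of -u, in "-u named" or "-unamed" form.
        u = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "-u" && i < NF) u = $(i + 1)
            else if ($i ~ /^-u./) u = substr($i, 3)
        }
        if (user != "root" && user != "0")
            verdict = "OK runs as " user
        else if (u == "")
            verdict = "FAIL root, no -u option"
        else if (u == "root" || u == "0")
            verdict = "FAIL root, -u names root"
        else
            verdict = "FAIL root, -u " u " did not take effect"
        print pid, verdict
    }'
}

# Constructed sample input, not output from a real host.
sample_ps() {
    cat <<'EOF'
USER   PID COMMAND
root   212 /usr/sbin/in.named
named  340 /usr/sbin/named -u named -g named
root   377 /usr/local/sbin/named -u 0 -g 0
root   401 /usr/lib/sendmail -bd -q15m
EOF
}

sample_ps | audit_named
```

On a live system, feed it `ps -eo user,pid,args | audit_named` instead of the sample.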
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:11 CDT