Bug #92: HA DNS should provide a property to allow the DNS service to be run as a non-root user - illumos gate - illumos

Bug #92

HA DNS should provide a property to allow the DNS service to be run as a non-root user

Added by John Doe over 10 years ago. Updated over 10 years ago.

Status:

Rejected

Priority:

Normal

Assignee:

Category:

Start date:

2010-08-23

Due date:

% Done:

Estimated time:

Difficulty:

Tags:

Gerrit CR:

Description

ustomer request via the Sun Cluster forum:

I'd like the DNS HA Agent for Sun Cluster 3.2 to be modified so that the admin can choose to run BIND as a
non-root user ie. named. This functionality is desirable for security reasons, as it gives the admin a layer of protection in the event that BIND is compromised. As a non-root process, it won't be capable of doing
as much damage as a compromised root process could. This behaviour is similar to how Apache works, and is already available by specifying "-u <userid>" when starting BIND from the command line, or setting 'user'
and 'group' in method_credential in the SMF manifest.

Updated by Garrett D'Amore over 10 years ago

Status changed from New to Rejected

This is not an illumos problem, but a problem in the Sun HA cluster product. Rejected.

Also available in: Atom PDF

Project

General

Profile

illumos gate

Custom queries

Bug #92

HA DNS should provide a property to allow the DNS service to be run as a non-root user

Updated by Garrett D'Amore over 10 years ago