Bug #92
HA DNS should provide a property to allow the DNS service to be run as a non-root user
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2010-08-23
Due date:
% Done:
0%
Estimated time:
Difficulty:
Tags:
Gerrit CR:
Description
ustomer request via the Sun Cluster forum:
I'd like the DNS HA Agent for Sun Cluster 3.2 to be modified so that the admin can choose to run BIND as a
non-root user ie. named. This functionality is desirable for security reasons, as it gives the admin a layer of protection in the event that BIND is compromised. As a non-root process, it won't be capable of doing
as much damage as a compromised root process could. This behaviour is similar to how Apache works, and is already available by specifying "-u <userid>" when starting BIND from the command line, or setting 'user'
and 'group' in method_credential in the SMF manifest.
Updated by Garrett D'Amore over 10 years ago
- Status changed from New to Rejected
This is not an illumos problem, but a problem in the Sun HA cluster product. Rejected.