Project

General

Profile

Bug #92

HA DNS should provide a property to allow the DNS service to be run as a non-root user

Added by David Fotel almost 10 years ago. Updated almost 10 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2010-08-23
Due date:
% Done:

0%

Estimated time:
Difficulty:
Tags:
Gerrit CR:

Description

ustomer request via the Sun Cluster forum:

I'd like the DNS HA Agent for Sun Cluster 3.2 to be modified so that the admin can choose to run BIND as a
non-root user ie. named. This functionality is desirable for security reasons, as it gives the admin a layer of protection in the event that BIND is compromised. As a non-root process, it won't be capable of doing
as much damage as a compromised root process could. This behaviour is similar to how Apache works, and is already available by specifying "-u <userid>" when starting BIND from the command line, or setting 'user'
and 'group' in method_credential in the SMF manifest.

History

#1

Updated by Garrett D'Amore almost 10 years ago

  • Status changed from New to Rejected

This is not an illumos problem, but a problem in the Sun HA cluster product. Rejected.

Also available in: Atom PDF