<dt><spanclass="sect1"><ahref="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><spanclass="sect1"><ahref="Bv9ARM.ch07.html#id2573238"><span><strongclass="command">chroot</strong></span> and <span><strongclass="command">setuid</strong></span></a></span></dt>
<dt><spanclass="sect1"><ahref="Bv9ARM.ch07.html#id2573309"><span><strongclass="command">chroot</strong></span> and <span><strongclass="command">setuid</strong></span></a></span></dt>
<aname="id2573238"></a><span><strongclass="command">chroot</strong></span> and <span><strongclass="command">setuid</strong></span></h2></div></div></div>
<aname="id2573309"></a><span><strongclass="command">chroot</strong></span> and <span><strongclass="command">setuid</strong></span></h2></div></div></div>
<p>
On UNIX servers, it is possible to run <spanclass="acronym">BIND</span> in a <spanclass="emphasis"><em>chrooted</em></span> environment
(<span><strongclass="command">chroot()</strong></span>) by specifying the "<codeclass="option">-t</code>"
(using the <span><strongclass="command">chroot()</strong></span> function) by specifying the "<codeclass="option">-t</code>"
option. This can help improve system security by placing <spanclass="acronym">BIND</span> in
a "sandbox", which will limit the damage done if a server is
compromised.
...
...
@@ -132,7 +132,7 @@ zone "example.com" {
We suggest running as an unprivileged user when using the <span><strongclass="command">chroot</strong></span> feature.
</p>
<p>
Here is an example command line to load <spanclass="acronym">BIND</span> in a <span><strongclass="command">chroot()</strong></span> sandbox,
Here is an example command line to load <spanclass="acronym">BIND</span> in a <span><strongclass="command">chroot</strong></span> sandbox,
<span><strongclass="command">/var/named</strong></span>, and to run <span><strongclass="command">named</strong></span><span><strongclass="command">setuid</strong></span> to
<dd><dl><dt><spanclass="sect2"><ahref="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <spanclass="acronym">DNS</span> and <spanclass="acronym">BIND</span></a></span></dt></dl></dd>
<aname="historical_dns_information"></a>A Brief History of the <spanclass="acronym">DNS</span> and <spanclass="acronym">BIND</span></h3></div></div></div>
...
...
@@ -69,7 +69,7 @@
core of the new system was described in 1983 in RFCs 882 and
883. From 1984 to 1987, the ARPAnet (the precursor to today's
Internet) became a testbed of experimentation for developing the
new naming/addressing scheme in an rapidly expanding,
new naming/addressing scheme in a rapidly expanding,
operational network environment. New RFCs were written and
published in 1987 that modified the original documents to
incorporate improvements based on the working model. RFC 1034,
...
...
@@ -116,7 +116,7 @@
released by Digital Equipment
Corporation (now Compaq Computer Corporation). Paul Vixie, then
a DEC employee, became <spanclass="acronym">BIND</span>'s
primary caretaker. Paul was assisted
primary caretaker. He was assisted
by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
Beecher, Andrew
Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
...
...
@@ -124,7 +124,7 @@
Wolfhugel, and others.
</p>
<p>
<spanclass="acronym">BIND</span>Version 4.9.2 was sponsored by
<spanclass="acronym">BIND</span>version 4.9.2 was sponsored by
Vixie Enterprises. Paul
Vixie became <spanclass="acronym">BIND</span>'s principal
<dt><spanclass="sect2"><ahref="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strongclass="command">controls</strong></span> Statement Definition and
<dt><spanclass="sect2"><ahref="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strongclass="command">server</strong></span> Statement Definition and
<dt><spanclass="sect2"><ahref="Bv9ARM.ch06.html#id2566011"><span><strongclass="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><spanclass="sect2"><ahref="Bv9ARM.ch06.html#id2566018"><span><strongclass="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><spanclass="sect2"><ahref="Bv9ARM.ch06.html#id2567457"><span><strongclass="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><spanclass="sect2"><ahref="Bv9ARM.ch06.html#id2567395"><span><strongclass="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><spanclass="sect2"><ahref="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><spanclass="sect2"><ahref="Bv9ARM.ch06.html#id2571556">Discussion of MX Records</a></span></dt>
<dt><spanclass="sect2"><ahref="Bv9ARM.ch06.html#id2571629">Discussion of MX Records</a></span></dt>
<dt><spanclass="sect1"><ahref="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><spanclass="sect1"><ahref="Bv9ARM.ch07.html#id2573238"><span><strongclass="command">chroot</strong></span> and <span><strongclass="command">setuid</strong></span></a></span></dt>
<dt><spanclass="sect1"><ahref="Bv9ARM.ch07.html#id2573309"><span><strongclass="command">chroot</strong></span> and <span><strongclass="command">setuid</strong></span></a></span></dt>
<dd><dl><dt><spanclass="sect2"><ahref="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <spanclass="acronym">DNS</span> and <spanclass="acronym">BIND</span></a></span></dt></dl></dd>