Группа :: Система/Серверы
Пакет: bind
навигация по пакетам
Главная Изменения Спек Патчи Загрузить Bugs and FR
Патч: bind-9.3.5-openbsd-owl-chroot-defaults.patch
--- bind-9.3.5/bin/named/include/named/globals.h
+++ bind-9.3.5/bin/named/include/named/globals.h
@@ -100,7 +100,7 @@ EXTERN isc_resourcevalue_t ns_g_initopenfiles INIT(0);
* Misc.
*/
EXTERN isc_boolean_t ns_g_coreok INIT(ISC_TRUE);
-EXTERN const char * ns_g_chrootdir INIT(NULL);
+EXTERN const char * ns_g_chrootdir INIT("@ROOT@");EXTERN isc_boolean_t ns_g_foreground INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_logstderr INIT(ISC_FALSE);
@@ -110,7 +110,7 @@ EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
"/run/lwresd.pid");
EXTERN const char * ns_g_pidfile INIT(NS_LOCALSTATEDIR
"/run/named.pid");
-EXTERN const char * ns_g_username INIT(NULL);
+EXTERN const char * ns_g_username INIT("named");EXTERN int ns_g_listen INIT(3);
--- bind-9.3.5/bin/named/named.8
+++ bind-9.3.5/bin/named/named.8
@@ -41,7 +41,7 @@ is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC.
.PP
When invoked without arguments,
\fBnamed\fR
-will read the default configuration file
+will \fBchroot()\fR to \fI@ROOT@\fR, read the default configuration file
\fI/etc/named.conf\fR, read any initial data, and listen for queries.
.SH "OPTIONS"
.PP
@@ -68,7 +68,7 @@ are mutually exclusive.
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
-\fI/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible
+\fI@ROOT@/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to a possible
\fBdirectory\fR
option in the configuration file,
\fIconfig\-file\fR
@@ -135,6 +135,7 @@ This option is mainly of interest to BIND 9 developers and may be removed or cha
to
\fIdirectory\fR
after processing the command line arguments, but before reading the configuration file.
+By default, \fBnamed\fR \fBchroot()\fR's to \fI@ROOT@\fR.
.RS
.B "Warning:"
This option should be used in conjunction with the
@@ -151,6 +152,7 @@ is defined allows a process with root privileges to escape a chroot jail.
to
\fIuser\fR
after completing privileged operations, such as creating sockets that listen on privileged ports.
+By default, \fBnamed\fR will run as user \fInamed\fR.
.RS
.B "Note:"
On Linux,