It's often a good idea to run as little as possible as root, and daemons like BIND are no exception. If you want to be really secure, you should run BIND in a chroot environment, but that's a bit more complicated.
In theory, all you have to do to run BIND as a non-root user is feed it the -u and -g switches. In practice, you have to do a bit more.
First of all, you have to make sure that BIND can write to any zone files it needs to (e.g., if your DNS is a slave) in /etc/namedb or /var/named. It also needs to be able to write to its pidfile and the ndc socket. By default, these are located in /var/run. If you don't want to allow the BIND user to write to this location, you can use option directives like pid-file to put it somewhere else.
Finally, make sure that you create a separate user for BIND to run as; don't just reuse something like nobody. Assuming that you created a user and a group called named, you would launch BIND with the command "named -u named -g named". This goes in the script you use to launch BIND (probably /etc/rc.d/init.d/named on most systems).
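The steps above, gathered into a startup helper as an added example (not part of the original text): it creates the dedicated account, hands the zone directory and a private pid/socket directory to it, and refuses to start BIND until a pre-flight check confirms the unprivileged user owns every path it must write to. Assumptions: Linux-style groupadd/useradd, a zone directory of /var/named, and a pid-file option in named.conf pointing under /var/run/named; the final line uses the BIND 8 switches exactly as the article gives them (BIND 9 takes only -u and derives the group from the account, and its -g means "stay in the foreground").

```shell
#!/bin/sh
# Pre-flight check and launch helper for running BIND as an unprivileged user.
# Constructed layout: user/group "named", zones in /var/named, pid file and ndc
# socket moved under /var/run/named (via the pid-file option) so the named user
# never needs write access to all of /var/run.

# owned_by PATH USER: succeed if PATH exists and is owned by USER.
# "find -prune -user" is POSIX, so it works on GNU and BSD userlands alike.
owned_by() {
    [ -e "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# preflight USER PATH...: list every path the BIND user must write to but does
# not own (or which is missing); return 1 if any such path was found.
preflight() {
    user=$1; shift
    bad=0
    for p in "$@"; do
        if ! owned_by "$p" "$user"; then
            echo "not owned by $user (or missing): $p" >&2
            bad=1
        fi
    done
    return $bad
}

# prepare_paths USER GROUP PATH...: create the directories and hand them to the
# BIND user, mode 750 so other local accounts cannot read zones or the socket.
prepare_paths() {
    user=$1; group=$2; shift 2
    for p in "$@"; do
        mkdir -p "$p" && chown "$user:$group" "$p" && chmod 750 "$p" || return 1
    done
}

# The privileged steps only run when invoked as "script run" (they need root).
if [ "${1:-}" = run ]; then
    # A dedicated account with no login shell; never reuse "nobody".
    groupadd named 2>/dev/null || true
    useradd -r -g named -d /var/named -s /sbin/nologin named 2>/dev/null || true
    prepare_paths named named /var/named /var/run/named || exit 1
    # named.conf must then contain:  options { pid-file "/var/run/named/named.pid"; };
    preflight named /var/named /var/run/named || exit 1
    # BIND 8 style switches, as in the article above (BIND 9: "-u named" only).
    exec named -u named -g named
fi
```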
NOTE: I realise that these instructions are not exactly step-by-step. It is assumed that you have some basic familiarity with UNIX system administration, particularly things like permissions (e.g., chmod) and ownership (chown). I plan to write a more detailed set of instructions, which will also cover chrooting BIND, in the near future.