LinuxQuestions.org
Old 08-28-2001, 09:33 AM   #1
rickl
LQ Newbie
 
Registered: Aug 2001
Posts: 1

Rep: Reputation: 0
chroot and bind


I was wondering if anyone out there has tried to run bind in a chroot'ed directory so it is run with the least privilege. I've been trying to set this up for a few days without any luck.

I'm running Slackware 7.1 with the 2.2.16 kernel. I'm trying to set it up as stated in the /usr/doc/Linux-HOWTOs/Chroot-BIND-HOWTO directory. I've made the directory structure:
/chroot
  +-- named
       +-- bin
       +-- dev
       +-- etc
       |    +-- namedb
       +-- lib
       +-- var
            +-- run
and I've followed every other step down to the logging section. It says that I need to adjust the /etc/rc.d/init.d/syslog file. Well, since that doesn't exist, I thought that it might mean /etc/rc.d/rc.inet2 - where the syslog daemon is started up. I went into that file and added the line they suggest. My syslog startup script now looks like this:
# Start the SYSLOGD/KLOGD daemons:
if [ -x ${NET}/syslogd ]; then
  echo -n " syslogd"
  ${NET}/syslogd -m 0 -a /chroot/named/dev/log
  sleep 1 # prevent syslogd/klogd race condition on SMP kernels
  echo -n " klogd"
  # '-c 3' = display level 'error' or higher messages on console
  ${NET}/klogd -c 3
fi

It says that when I restart syslogd that I should get a file created in the /chroot/named/dev/ directory called log. That isn't happening for me.

That's where I'm stuck. I've been looking all around online and I see a lot of help out there for Red Hat and FreeBSD, but I don't see any specifics when it comes to Slackware. Can anyone help with some advice or point me in the right direction? I've looked in the O'Reilly DNS and BIND book, but I'm having the same problems when it comes to the startup scripts in rc.inet2. I'd really appreciate any help.
 
Old 08-28-2001, 10:39 AM   #2
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 46
If you try to start syslogd from the command line with your chroot'd options (remember to kill the current one first!!) do you get any errors or is the directory created correctly? That would be my first port of call. And in rc.inet2 you've replaced the existing syslogd startup yeah? Not just added another line, hence you attempting to start it twice - the second attempt always failing because it's been previously started...

cheers

Jamie...
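
Editor's added example (not code from either poster or from the Chroot-BIND-HOWTO): a shell check for the two points raised above, namely whether the rc script starts syslogd exactly once with the `-a /chroot/named/dev/log` option, and whether that path exists as a socket afterwards. The function names are hypothetical and the sample rc fragment is constructed from the stanza in post #1.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical helpers.

# Print the active (non-comment) lines of an rc script that launch syslogd.
# Matches '${NET}/syslogd -m 0 ...' but not the 'if [ -x ... ]' or 'echo' lines.
syslogd_lines() {
    grep -E '^[[:space:]]*[^#[:space:]]*syslogd([[:space:]]|$)' "$1" || true
}

# Classify an rc script: prints one status word, returns non-zero on a problem.
#   $1 = rc script (e.g. a copy of rc.inet2), $2 = socket path expected after -a
check_syslogd_rc() {
    rc=$1 sock=$2
    # n = syslogd launch lines, hit = launch lines carrying "-a <sock>"
    set -- $(syslogd_lines "$rc" | awk -v s="$sock" '
        { n++; for (i = 1; i < NF; i++) if ($i == "-a" && $(i + 1) == s) { hit++; break } }
        END { print n + 0, hit + 0 }')
    n=$1 hit=$2
    if [ "$n" -eq 0 ]; then echo "no-syslogd-start"; return 2; fi
    if [ "$n" -gt 1 ]; then echo "started-twice"; return 3; fi
    if [ "$hit" -eq 0 ]; then echo "missing-a-option"; return 4; fi
    echo "ok"
}

# Runtime side: after syslogd is restarted, the path must exist as a socket.
socket_state() {
    if [ -S "$1" ]; then echo "socket"
    elif [ ! -d "$(dirname "$1")" ]; then echo "no-parent-dir"
    else echo "absent"; fi
}

# Constructed sample: the stanza from post #1, and a variant where the
# original start line was left in place next to the new one.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# Start the SYSLOGD/KLOGD daemons:' \
        'if [ -x ${NET}/syslogd ]; then' \
        '  echo -n " syslogd"' \
        '  ${NET}/syslogd -m 0 -a /chroot/named/dev/log' \
        'fi' > "$d/replaced"
    { cat "$d/replaced"; echo '${NET}/syslogd -m 0'; } > "$d/added"
    for f in replaced added; do
        echo "$f: $(check_syslogd_rc "$d/$f" /chroot/named/dev/log || true)"
    done
    echo "socket: $(socket_state /chroot/named/dev/log)"
    rm -rf "$d"
}
demo
```
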
 
Old 01-12-2011, 02:21 PM   #3
protrec
LQ Newbie
 
Registered: Jan 2011
Posts: 1

Rep: Reputation: 0
I've found a nice article on how to chroot bind named.

You can read it at http://linux.digitaleye.pl/?article=chroot_bind.

It's very easy to do.
 
  



All times are GMT -5. The time now is 05:17 AM.
