
rickl 08-28-2001 10:33 AM

chroot and bind
I was wondering if anyone out there has tried to run bind in a chroot'ed directory so it is run with the least privilege. I've been trying to set this up for a few days without any luck.

I'm running slackware 7.1 with the 2.2.16 kernel. I'm trying to set it up as stated in the /usr/doc/Linux-HOWTOs/Chroot-BIND-HOWTO directory. I've made the directory structure:
+-- named
    +-- bin
    +-- dev
    +-- etc
    |   +-- namedb
    +-- lib
    +-- var
        +-- run
and I've followed every other step down to the logging section. It says that I need to adjust the /etc/rc.d/init.d/syslog file. Well, since that doesn't exist, I thought that it might mean /etc/rc.d/rc.inet2 - where the syslog daemon is started up. I went into that file and added the line they suggest. My syslog startup script now looks like this:
# Start the SYSLOGD/KLOGD daemons:
if [ -x ${NET}/syslogd ]; then
  echo -n " syslogd"
  # -a adds an extra listening socket inside the named chroot
  ${NET}/syslogd -m 0 -a /chroot/named/dev/log
  sleep 1 # prevent syslogd/klogd race condition on SMP kernels
  echo -n " klogd"
  # '-c 3' = display level 'error' or higher messages on console
  ${NET}/klogd -c 3
fi

It says that when I restart syslogd that I should get a file created in the /chroot/named/dev/ directory called log. That isn't happening for me.

That's where I'm stuck. I've been looking all around online and I see a lot of help out there for redhat and freebsd, but I don't see any specifics when it comes to slackware. Can anyone help with some advice or point me in the right direction? I've looked in the O'Reilly DNS and BIND book, but I'm having the same problems when it comes to the startup scripts in rc.inet2. I'd really appreciate any help.

jharris 08-28-2001 11:39 AM

If you try to start syslogd from the command line with your chroot'd options (remember to kill the current one first!!) do you get any errors or is the directory created correctly? That would be my first port of call. And in rc.inet2 you've replaced the existing syslogd startup, yeah? Not just added another line, hence you attempting to start it twice - the second attempt always failing because it's been previously started...
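The layout from the HOWTO in rickl's post and the check jharris suggests, as an added example that is not part of this thread or of the Chroot-BIND-HOWTO: one function builds the chroot skeleton, one reports what is missing (distinguishing a proper socket at dev/log from an ordinary file or nothing at all), and one counts already-running syslogd processes so a second start is noticed before it silently fails. The root path, the function names and the ps/grep check are assumptions; nothing here starts or stops daemons.

```shell
#!/bin/sh
# Added example, not from the thread. Root defaults to nothing; pass it in,
# e.g. make_named_chroot /chroot/named (path assumed from the HOWTO).

# Create the directory skeleton the HOWTO asks for (POSIX sh + mkdir -p).
make_named_chroot() {
    root="$1"
    for d in bin dev etc/namedb lib var/run; do
        mkdir -p "$root/$d" || return 1
    done
    # Only var/run needs to be writable by the unprivileged named user
    # (pid file); keep the rest readable but not writable by it.
    chmod 755 "$root" "$root/bin" "$root/dev" "$root/etc" "$root/lib" "$root/var"
    return 0
}

# Report what is missing. Returns 0 only when every directory exists and
# dev/log is present as a socket, which is what syslogd -a should create.
check_named_chroot() {
    root="$1"
    status=0
    for d in bin dev etc/namedb lib var/run; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $root/$d"
            status=1
        fi
    done
    if [ -S "$root/dev/log" ]; then
        echo "syslog socket present: $root/dev/log"
    elif [ -e "$root/dev/log" ]; then
        # A stray regular file here stops syslogd from binding its socket.
        echo "$root/dev/log exists but is not a socket; remove it, then restart syslogd with -a $root/dev/log"
        status=1
    else
        echo "no syslog socket at $root/dev/log (is syslogd running with -a $root/dev/log?)"
        status=1
    fi
    return $status
}

# Number of syslogd processes currently running; more than one means the
# startup script is starting it twice, as jharris describes. Assumes ps -e.
syslogd_count() {
    ps -e 2>/dev/null | grep -c '[s]yslogd$'
}
```

Run make_named_chroot once, start syslogd with the -a option from rc.inet2, then run check_named_chroot: the message tells you whether the problem is the tree, a leftover file at dev/log, or syslogd not having been restarted with the new option.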



protrec 01-12-2011 03:21 PM

I've found a nice article on how to chroot BIND's named.

You can read it at

It's very easy to do.
