RE: What is the use of having a chroot path during installation


MURTARI, JOHN
-----Original Message-----
From: Harshith Mulky <[hidden email]>
To: "[hidden email]" <[hidden email]>
Subject: What is the use of having a chroot path during installation
        of Bind

When installing bind, the following 2 are installed

bind-9.8.2-0.17.rc1.el6.x86_64
bind-chroot-9.8.2-0.17.rc1.el6.x86_64

What is the need of this bind-chroot?
I see all files in /var/named path are softlinks to /var/named/chroot/var/named
and
/etc/named.conf is softlink to /var/named/chroot/etc/named.conf

What is this chroot binding? And why is this chroot Binding Required?
Can the named server function without this chroot Binding?

Thanks
Harshith
---------------------------------

I'm assuming you installed this on a Red Hat-type system. The chroot package
sets up BIND to run in a chroot environment where the new filesystem root
is /var/named/chroot.

It's not 'required' -- but considered by many a good security practice in case
a vulnerability is found that allows the hacker to use named to examine/change
your filesystem -- with chroot active they would be very limited.

The server can function just fine in a non-chroot environment, BUT -- if you've
already installed the RPMs and named is starting fine and servicing requests,
you may just want to leave it alone. Removing the chroot package can sometimes
cause problems where old symlinks remain and things get very confusing.

Hope this helps.
Best regards!

John Murtari
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
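
The following is an added example, not part of the original thread or of the BIND packages: two shell helpers for checking the situation the reply describes, namely whether a running process really has a chroot as its root and whether symlinks into the chroot tree are live or left dangling. The function names are hypothetical, the links are assumed to be absolute as in the question, and the process check assumes a Linux /proc.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Paths are parameters so the
# functions can be pointed at a test tree as well as a live system.

# classify_links DIR CHROOT
# For every symlink under DIR (excluding the chroot tree itself) whose target
# is an absolute path inside CHROOT, print one line:
#   ok <link> -> <target>        target exists
#   dangling <link> -> <target>  target is missing (stale link)
classify_links() {
    dir=$1
    chroot=${2%/}
    find "$dir" -path "$chroot" -prune -o -type l -print 2>/dev/null | sort |
    while IFS= read -r link; do
        target=$(readlink "$link") || continue
        case $target in
            "$chroot"/*) ;;          # points into the chroot tree
            *) continue ;;           # unrelated symlink, ignore
        esac
        if [ -e "$link" ]; then      # -e follows the link
            echo "ok $link -> $target"
        else
            echo "dangling $link -> $target"
        fi
    done
}

# proc_root PID [PROCDIR]
# Print the filesystem root the process sees. Reading another user's
# /proc/PID/root normally requires root privileges.
proc_root() {
    readlink "${2:-/proc}/$1/root"
}

# is_chrooted PID [PROCDIR]
# Exit 0 if the process root is not "/", 1 if it is "/", 2 if unreadable.
is_chrooted() {
    root=$(proc_root "$1" "$2") || return 2
    [ "$root" != "/" ]
}

# Typical calls on a system laid out as in the thread (run as root):
#   classify_links /var/named /var/named/chroot
#   classify_links /etc /var/named/chroot
#   is_chrooted "$(pidof named)" && echo "named is chrooted"
```
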