#1
6th December 2005, 15:33
Toffee

Bind chroot configuration

Hello.

I've got a few questions about bind chroot configuration.

Many tutorials explain that we must create an entire directory structure in the chroot directory. It means that libraries and binaries of Bind are present in the chroot directory. Many others indicate that CHROOT_DIR/dev, CHROOT_DIR/etc and CHROOT_DIR/var are sufficient, and so libraries and binaries aren't in the chroot directory.

What is the difference between these two configurations? What is the best configuration in terms of security?

Thanks a lot for your response.
#2
6th December 2005, 16:42
falko

I think that those are two different approaches. E.g., in this howto http://www.howtoforge.com/howto_bind_chroot_debian we don't need all the libraries etc. in the chroot jail because we tell Bind's init script to run Bind chrooted (by putting
Code:
OPTIONS="-u bind -t /var/lib/named"
into /etc/default/bind9). I think it's a lot easier than putting all the libraries etc. into the chroot jail...
#3
30th January 2008, 02:08
public_domain

then should I not see something in either

OPTIONS="-u bind -t /var/lib/named"
/etc/default/bind9
(as it is, no .../named and no ../bind9)
TYIA
#4
30th January 2008, 15:42
falko

Quote:
Originally Posted by public_domain
OPTIONS="-u bind -t /var/lib/named"
/etc/default/bind9
(as it is, no .../named and no ../bind9)
TYIA
What is the question?
#5
30th January 2008, 16:35
public_domain

Does this reference [OPTIONS="-u bind -t /var/lib/named"] point to a directory that is supposed to be there, real or symlink?
#6
31st January 2008, 19:36
falko

-u bind means the user bind. /var/lib/named is a directory and must exist. BIND will run chrooted in that directory.
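
As an added example (not part of the thread or the linked howto), a small shell check for the `named -t` setup discussed above: it reads OPTIONS from the defaults file, confirms the -t directory exists with the dev, etc and var subdirectories named in the first post, and confirms -u names a non-root user. The function names and the setuid check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Paths such as /etc/default/bind9 come
# from the posts above; function names and the setuid check are assumptions.

# Print the argument that follows a flag (-t or -u) in the OPTIONS="..." line.
get_opt() {  # $1 = defaults file, $2 = flag
    sed -n 's/^[[:space:]]*OPTIONS="\(.*\)".*/\1/p' "$1" | tail -n 1 |
        awk -v f="$2" '{ for (i = 1; i < NF; i++) if ($i == f) { print $(i + 1); exit } }'
}

# Print one line per finding; return 0 if the jail passes, 1 otherwise.
check_chroot() {  # $1 = defaults file
    rc=0
    jail=$(get_opt "$1" -t)
    user=$(get_opt "$1" -u)
    if [ -z "$jail" ]; then
        echo "FAIL: OPTIONS has no -t, named is not chrooted"; return 1
    fi
    # chroot does not confine a process that keeps root privileges.
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "FAIL: OPTIONS has no unprivileged -u user"; rc=1
    fi
    if [ ! -d "$jail" ]; then
        echo "FAIL: $jail does not exist or is not a directory"; return 1
    fi
    # A symlink to a directory works, but the real jail is the link target.
    if [ -L "$jail" ]; then echo "NOTE: $jail is a symlink"; fi
    for sub in dev etc var; do
        [ -d "$jail/$sub" ] || { echo "FAIL: missing $jail/$sub"; rc=1; }
    done
    # With -t, binaries and libraries stay outside; setuid files inside the
    # jail would only add attack surface.
    if find "$jail" -type f -perm -4000 2>/dev/null | grep -q .; then
        echo "FAIL: setuid file inside $jail"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $jail (user $user)"
    return "$rc"
}

# Usage: sh check_bind_chroot.sh /etc/default/bind9
if [ "$#" -gt 0 ]; then check_chroot "$1"; fi
```
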
#7
13th March 2009, 15:51
Deem3n®

It does not matter how you use BIND in chroot.

Take a look at this guide. In that example BIND is running in the /chroot/named directory