Results 1 to 8 of 8

Thread: Split-DNS: dedicated named user recommended?

  1. #1
    Join Date
    Oct 2005
    Posts
    206
    Rep Power
    10

    Default Split-DNS: dedicated named user recommended?

    Hello,

    I am in the process of setting up Split-DNS (under Ubuntu for the NE- and under Debian
    for the OSS-version. No, we are not going to run them at the same time :-)



    I am wondering why the following document recommends "to make sure that yourdomain.com.zone (Redhat?)
    is owned by named, not root"
    ( Making Zimbra & BIND Work Together » Zimbra :: Blog )


    but in the following installation HowTo(Ubuntu), that matter is not even mentioned....

    Ubuntu 6.06 Server (Dapper Drake) Beginner's Install Guide - Zimbra :: Wiki
    Ubuntu 8.04 LTS Server (Hardy Heron) Install Guide - Zimbra :: Wiki


    2.
    Is it in Ubuntu- and Debain-environments recommended to add a dedicated user? How should that user be named?



    Thank you very much!

    John

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Install it as whatever user you like, except root, that's your choice.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Oct 2005
    Posts
    206
    Rep Power
    10

    Default

    Quote Originally Posted by phoenix View Post
    Install it as whatever user you like, except root, that's your choice.
    Wow phoenix, that was nearly realtime :-)

    Ups, I already installed bind9 at the same time as the OS (as root :-)... Since I am not very confident
    with Linux access right, it would probably be easier to remove bind9 at all and to re-install in in an
    other user context. Even re-installing the whole OS would be not problem at this point in time..

    What would you suggest?


    Thank's a lot!

    John

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    If you're using your distributions package manager then it will usually(?) install it as a different user, on my CentOS system it gets installed as the 'named' user. You might also want to see if there's a chroot version in your distribution and install that. Are you actually sure that BIND (named) is installed as the root user or are you just assuming that because you installed it when you did the initial install?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Oct 2005
    Posts
    206
    Rep Power
    10

    Default

    Thanks for the promt reply.

    Ok, i reinstalled the OS(Debian for the nameserver), added the user "named"
    finished the OS installation and rebooted the machine.

    Then:
    Login to the system as user named
    (since I could not install bind9 in this user context, i did su)
    # su
    /home/named
    # apt-get install bind9


    Is this approach correct ?


    Thank's a lot for any help!

    John

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    When you need to become root you should always use the "su -" format, the hyphen is important and sets the user environment correctly. Yes, installing software as root is the normal way to it.

    If you're not used to managing a server then you'd probably find using Webmin a good option, have a look at this page: Webmin Installation and Configuration in Debian and Ubuntu Linux -- Debian Admin Webmin is a useful web interface for managing your server, I'd suggest you install it and become familiar with it.

    You should be able to see if you have the named group with the following:

    Code:
    goups named
    and see which user named is running with (obviously, start it first):

    Code:
    ps aux | grep named
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    Join Date
    Oct 2005
    Posts
    206
    Rep Power
    10

    Default

    Quote Originally Posted by phoenix View Post
    When you need to become root you should always use the "su -" format, the hyphen is important and sets the user environment correctly.[/CODE]
    Thanks this way it seems to work. At least no bind error message is showed during starting the OS (unlike before) :-)

    Quote Originally Posted by phoenix View Post
    You should be able to see if you have the named group with the following:
    Code:
    goups named
    and see which user named is running with (obviously, start it first):
    [/CODE]
    Seems the following output to be ok?
    named dialout cdrom floppy audio viedeo player


    Hopefully the last question:
    Should the Split-DNS related files (/etc/resolv.conf, named.conf.options, db.mydomain.com) be edited as user "root" or as user "named" an su - ?

    Thank's a lot!

    John

  8. #8
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    I'm not a debian user but I've just installed it on a VM and apparently the user & group for BIND is actually 'bind'. The answer to your question is yes, they should be edited by root. You should not normally switch to the root user but rather use sudo to run a root command (but I'm sure you know this already).
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Similar Threads

  1. Zimbra Install Problem - getDirectContext
    By bsimzer in forum Installation
    Replies: 27
    Last Post: 07-19-2007, 11:12 AM
  2. DNS Strategies and Best Practices, and a SLES10 Request
    By LMStone in forum Administrators
    Replies: 4
    Last Post: 10-14-2006, 08:51 AM
  3. Getting problems in FC4 while instalation
    By kitty_bhoo in forum Installation
    Replies: 13
    Last Post: 09-12-2006, 11:34 PM
  4. Fedora Core 3, Clean Install - Not working!
    By pcjackson in forum Installation
    Replies: 17
    Last Post: 03-05-2006, 07:38 PM
  5. Network edition - strange behavior
    By goetzi in forum Installation
    Replies: 6
    Last Post: 11-16-2005, 03:08 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •