Re: Fedora /DNS

From: Patrick L. Parks (TryThis_at_WontWork.com)
Date: 03/27/04


Date: Fri, 26 Mar 2004 21:48:24 -0500

users@linuxforums.org wrote:
> Hello all,
> Is there any change in the configuration files path of Fedora?
> DNS didn't work when I put the files at /var/named
> but when I did put it in /var/named/chroot/var/named it did work!
> Why, and what is the chroot directory?
> Thanks
> ----
> Message posted via www.linuxforums.org

From the Fedora release notes:

The BIND nameserver has had its security tightened. The /var/named/
directory is no longer owned by "named", but rather by "root". Slave
zone files should now be stored in the new /var/named/slaves/ directory,
which is owned by "named". In addition, a new bind-chroot package makes
it possible to run the named daemon in a chroot() "jail" (located in
/var/named/chroot/) for greater security.

You can find the rest of the release notes at
http://fedora.redhat.com/docs/release-notes/

chroot is a changed root location. This means that the directory is as
far up in the file system as you will be allowed to go.

For example, let's say you run an FTP server and you put the files in
/var/ftp/pub. If you were to set chroot to /var/ftp, if a person were
to get into ftp and were sitting at /var/ftp/pub, they could cd .. and
go back to /var/ftp, but if they hit cd .. again they would still be at
/var/ftp.

If you didn't set a chroot, they might be able to back up to /var/ or
even worse, /.
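
The path behaviour described in the reply, modelled in Python as an added example that is not part of the original post. It shows both why `cd ..` stops at the jail root and why a chrooted named finds its zone files under /var/named/chroot/var/named on the host. The function name `resolve_in_jail` and the file name `example.zone` are made up for illustration, and symlinks are not modelled.

```python
def resolve_in_jail(jail_root, cwd, path):
    """Model path lookup for a process whose root was changed to jail_root.

    cwd and path are given as the jailed process sees them.
    Returns (path_seen_by_process, real_path_on_host).
    Assumption: plain directories only, no symlink handling.
    """
    # Relative paths start from the process's current directory.
    start = path if path.startswith("/") else cwd + "/" + path

    parts = []
    for comp in start.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            # Above the jail root there is nothing to go up to:
            # ".." at "/" is a no-op, so the process stays inside.
            if parts:
                parts.pop()
            continue
        parts.append(comp)

    inside = "/" + "/".join(parts)
    # The host sees every jailed path with the jail root prepended.
    host = (jail_root.rstrip("/") + inside).rstrip("/") or "/"
    return inside, host


if __name__ == "__main__":
    # FTP example from the reply: chroot is /var/ftp, user sits in pub.
    print(resolve_in_jail("/var/ftp", "/pub", ".."))
    print(resolve_in_jail("/var/ftp", "/", ".."))
    print(resolve_in_jail("/var/ftp", "/pub", "../../../etc/passwd"))
    # BIND example from the question: named asks for /var/named/...
    # (example.zone is a constructed file name).
    print(resolve_in_jail("/var/named/chroot", "/", "/var/named/example.zone"))
```
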