Subject: proposals for running named in a non-root chroot cage
From: Luke Mewburn <>
Date: 03/09/2001 04:30:04
I've been investigating methods of changing the default startup
mechanism for named(8) to run as a non-root user inside a chroot

I've already created a named user and group in the default passwd
and group files, and an example chroot cage under /var/named.

There's a couple of different ways I've investigated for changing
the default setup to run as described above:

1. Change the following /etc/defaults/rc.conf entries to:
	syslogd_flags="-s -p /var/run/log -p /var/named/var/run/log"
	named_flags="-u named -g named -t /var/named /etc/namedb/named.conf"

	+ Less work

	- A user override in /etc/rc.conf of named_flags or
	  syslog_flags loses the setup.

	- Assumes chroot cage is in /var/named

	- Needs a migration tool to setup or copy the following:

	- Startup script for named needs to ensure
		/var/run/ symlink to /var/named//var/run/
		/var/run/ndc symlink to /var/named//var/run/ndc

	- Needs a migration of /etc/namedb/* to /var/named/etc/namedb/*

2. Change /etc/rc.d/syslogd and /etc/rc.d/named to run named in a
   chroot cage if $named_chrootdir != "", and add the following to

	+ User overrides of named_flags and syslogd_flags in /etc/rc.conf
	  do not negate the behaviour

	+ Chroot cage location can be overridden (although the
	  /etc/mtree/NetBSD.dist may have to updated)

	+ Ensures that named-xfer, dev/null, and the /var/run symlinks
	  are in place

	- Needs a migration of /etc/namedb/* to /var/named/etc/namedb/*

To me, it's obvious that option `2.' is the better one, if I can
cleanly lick the problem of migrating /etc/namedb to

Should we go `2.' and then:
	- change the build system to populate /var/named/ by default
	  (with named-xfer, the example etc/namedb, ...)
	- add a migration mechanism to /etc/rc.d/named which detects
	  if /etc/namedb isn't a symlink, and if it isn't, copies the
	  contents to /var/namedb and makes it a symlink. This could
	  be dangerours
	- alternatively, consider a manual migration tool/process.

