[Opendnssec-develop] Packing and OpenDNSSEC User Account
Stephen.Morris at nominet.org.uk
Stephen.Morris at nominet.org.uk
Fri Jun 19 16:33:37 UTC 2009
I have been building (though not yet running) OpenDNSSEC under OS/X. A
couple of things to consider:
Packaging
Although we will provide source, installing at least three pre-requisites
(ldns, libxml2 and Botan) and building OpenDNSSEC from scratch (we
definitely need a single Makefile!) is not a five-minute task. When we
come around to releasing the software as a product, we should think of
statically linking everything and supplying pre-built packages for at
least one or two of the supported operating systems.
User Account and Working Directory
I notice that both the enforcer and the signer create a "var" subdirectory
in the installation directory. I'm not sure this is a good idea - I
generally put software in a read-only area (which may be on a partition of
limited size). Although it is possible to subsequently move the "var"
directory to another area and add a symbolic link to it in the
installation directory, I think we should look at another solution. A
question related to this is "under what username does OpenDNSSEC run?".
I would suggest that the recommended configuration be to create a user
account under which all the OpenDNSSEC software runs, and that the working
area for OpenDNSSEC be located in that user's home. There would need to be
some way of specifying the username at startup, but for the moment, it
could default to "opendnssec".
Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090619/3b17cbc5/attachment.htm>
More information about the Opendnssec-develop
mailing list