[Opendnssec-develop] Packing and OpenDNSSEC User Account

Stephen.Morris at nominet.org.uk Stephen.Morris at nominet.org.uk
Fri Jun 19 16:33:37 UTC 2009

I have been building (though not yet running) OpenDNSSEC under OS/X. A 
couple of things to consider:

Although we will provide source, installing at least three pre-requisites 
(ldns, libxml2 and Botan) and building OpenDNSSEC from scratch (we 
definitely need a single Makefile!) is not a five-minute task.  When we 
come around to releasing the software as a product, we should think of 
statically linking everything and supplying pre-built packages for at 
least one or two of the supported operating systems.

User Account and Working Directory
I notice that both the enforcer and the signer create a "var" subdirectory 
in the installation directory.  I'm not sure this is a good idea - I 
generally put software in a read-only area (which may be on a partition of 
limited size).  Although it is possible to subsequently move the "var" 
directory to another area and add a symbolic link to it in the 
installation directory, I think we should look at another solution.  A 
question related to this is "under what username does OpenDNSSEC run?".

I would suggest that the recommended configuration be to create a user 
account under which all the OpenDNSSEC software runs, and that the working 
area for OpenDNSSEC be located in that user's home. There would need to be 
some way of specifying the username at startup, but for the moment, it 
could default to "opendnssec".

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090619/3b17cbc5/attachment.htm>

More information about the Opendnssec-develop mailing list