[Opendnssec-user] zone fetcher can't bind udp/ipv4 socket: Permission denied
Rickard Bellgrim
rickard.bellgrim at iis.se
Thu Dec 16 10:57:07 UTC 2010
On 16 dec 2010, at 11.42, Rick van Rein wrote:
>>
>> Can anyone confirm this is fixed and zonefetcher can be run as non-root (while listening on port 53)?
>
> Non-root processes cannot listen to ports < 1024 on UNIX systems.
It first binds to the socket:
http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/tools/zone_fetcher.c#L1425
Then drops privileges:
http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/tools/zone_fetcher.c#L1438
The process must be started with root privileges and will then drop to the user / group specified in conf.xml.
// Rickard
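
The bind-then-drop sequence described in the message above, as an added C sketch; it is not part of the original post and is not OpenDNSSEC's zone_fetcher.c. The function names and the uid/gid 65534 are assumptions for illustration; the real daemon takes its user and group from conf.xml.

```c
#define _DEFAULT_SOURCE               /* exposes setgroups() under strict -std modes */
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1: bind the UDP/IPv4 socket while still holding start-up privileges. */
static int bind_udp4(unsigned short port) {
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        int e = errno; close(fd); errno = e;   /* keep bind()'s errno for the caller */
        return -1;
    }
    return fd;
}

/* Port the socket is bound to, or 0 on error. */
static unsigned short bound_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0) return 0;
    return ntohs(sa.sin_port);
}

/* Step 2: drop to uid/gid. Order matters: supplementary groups, then gid,
 * then uid, because after setuid() the process may no longer change groups. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;   /* the drop must not be reversible */
    return 0;
}

int main(void) {
    int fd = bind_udp4(53);           /* fails with EACCES without the needed privilege */
    if (fd < 0) { perror("can't bind udp/ipv4 socket"); return 1; }
    /* 65534 is a placeholder uid/gid (assumption), standing in for conf.xml values. */
    if (drop_privileges(65534, 65534) != 0) { perror("drop privileges"); return 1; }
    printf("port %u bound, now uid=%d gid=%d\n", bound_port(fd), (int)getuid(), (int)getgid());
    close(fd);
    return 0;
}
```

The already-bound descriptor stays usable after the drop, which is why the order is bind first, then setuid.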