Take bind out of sandbox and run it as root again, but leave support

mechanisms ('bind' user and group) in place so the feature can be easily turned on. There were too many complaints. The security(1) man page will be created/updated to include the appropriate info.
svn path=/head/; revision=41935
1998-12-19 07:25:56 +00:00 · 1998-12-19 07:25:56 +00:00 · eb127873d5 · 2020-12-20 02:59:44 +00:00
commit eb127873d5
parent 368a6b0214
1 changed files with 8 additions and 3 deletions
--- a/etc/rc.conf
+++ b/etc/rc.conf
@ -6,7 +6,7 @@
 #
 # All arguments must be in double or single quotes.
 #
-#	$Id: rc.conf,v 1.65 1998/12/12 23:04:21 dillon Exp $
+#	$Id: rc.conf,v 1.66 1998/12/16 17:14:16 ghelmer Exp $

 ##############################################################
 ### Important initial Boot-time options  #####################
@ -44,10 +44,15 @@ syslogd_enable="YES"		# Run syslog daemon (or NO).
 syslogd_flags=""		# Flags to syslogd (if enabled).
 inetd_enable="YES"		# Run the network daemon dispatcher (or NO).
 inetd_flags=""			# Optional flags to inetd.
+#
+# named.  It may be possible to run named in a sandbox, man security for
+# details.
+#
 named_enable="NO"		# Run named, the DNS server (or NO).
 named_program="named"		# path to named, if you want a different one.
-named_flags="-u bind -g bind"	# Flags for named (/etc/namedb/named.conf is
-				# the default now).
+named_flags=""			# Flags for named
+#named_flags="-u bind -g bind"	# Flags for named
+
 kerberos_server_enable="NO"	# Run a kerberos master server (or NO).
 kadmind_server_enable="NO"	# Run kadmind (or NO) -- do not run on
 				# a slave kerberos server