Bug ID: 6530498 HA DNS should provide a property to allow the DNS service to be run as a non-root user

Bug ID	6530498
Synopsis	HA DNS should provide a property to allow the DNS service to be run as a non-root user
State	1-Dispatched (Default State)
Category:Subcategory	suncluster:ha-dns
Keywords	DNS \| named \| non-root \| oss-bite-size \| oss-request \| user
Sponsor
Submitter
Responsible Engineer	Harish Sundaram
Reported Against
Duplicate Of
Introduced In
Commit to Fix
Fixed In
Release Fixed
Related Bugs	6736636
Submit Date	2-March-2007
Last Update Date	17-October-2008
Description	Customer request via the Sun Cluster forum: I'd like the DNS HA Agent for Sun Cluster 3.2 to be modified so that the admin can choose to run BIND as a non-root user ie. named. This functionality is desirable for security reasons, as it gives the admin a layer of protection in the event that BIND is compromised. As a non-root process, it won't be capable of doing as much damage as a compromised root process could. This behaviour is similar to how Apache works, and is already available by specifying "-u <userid>" when starting BIND from the command line, or setting 'user' and 'group' in method_credential in the SMF manifest.
Work Around	N/A
Comments	N/A

OpenSolaris