2.1 Run BIND as a non-root User - UID

Information

To start BIND you must execute it as the root user. After the initial startup, BIND has the ability to change to a non-root user, allowing it to drop the root privileges.

Rationale:

The reason for configuring BIND to run as a non-root user is to limit the impact in case a future vulnerability is discovered and exploited. This is a common practice, which implements the principal of least privilege. This principle states that an entity, such as a service or user, should be granted only those specific privileges necessary to perform authorized actions. The server will still need to be started as root, but it should be configured to give up the root privilege after listening on port 53. The user ID under which named runs, needs to be created if it does not already exist and needs appropriate access to the DNS configuration and data files. Many systems including Red Hat Linux will come with a named user already created. Usage of the user and group id of 53 in the examples is arbitrary but is intended to be easier to recognize as it matches the listening port number.

Solution

Create the named user and group if it does not already exist. Using a shell of /dev/null is best practice.

if ! id named; then
groupadd -g 53 named
useradd -m -u 53 -g 53 -c 'BIND named' -d /var/named -s /dev/null named
fi 2>/dev/null

Add the -u named to the OPTIONS parameters in the /etc/sysconfig/named if not already present.

Default Value:

The default named startup parameters include the -u named value.

See Also

https://workbench.cisecurity.org/files/2997