(The original article adds a "named" user. This translation uses nobody, which already exists on most systems.) Add the following to /etc/passwd:

named:x:200:200:Nameserver:/chroot/named:/bin/false

Add the following to /etc/group:

named:x:200:

The shell is set to /bin/false so that the account cannot log in.
Create the following directory structure:

/chroot
  +-- named
       +-- bin
       +-- dev
       +-- etc
       |    +-- namedb
       +-- lib
       +-- var
            +-- run
If BIND is already installed or has been running, copy (or move) the existing named.conf and zone files into the chroot: /etc/named.conf goes to /chroot/named/etc and the zone files go to /chroot/named/etc/namedb. For example:

# cp -p /etc/named.conf /chroot/named/etc/
# cp -a /var/named/* /chroot/named/etc/namedb/

If you run BIND as a slave rather than a master, or for various other reasons, BIND will need write permission on the zone files. Change the ownership as in the following example:

# chown -R named:named /chroot/named/etc/namedb

(For reference, since I wanted to run it as nobody, I ran: # chown -R nobody:nobody /chroot/named/etc/namedb)

BIND also needs permission to write its pid file and the socket used by ndc into /var/run. Give ownership as in the following example:

# chown named:named /chroot/named/var/run

(For reference, since I wanted to run it as nobody, I ran: # chown -R nobody:nobody /chroot/named/var/run)
When BIND runs in a chroot it has no access to anything outside the chroot, so a few files (in particular the system libraries) are needed inside it. The commands below make the required libraries readable inside the chroot. They should work on an ordinary Linux machine.

# cd /chroot/named/lib
# cp -p /lib/libc-2.*.so .
# ln -s libc-2.*.so libc.so.6
# cp -p /lib/ld-2.*.so .
# ln -s ld-2.*.so ld-linux.so.2

When BIND runs chrooted, a /dev/null must also exist inside the chroot. Check the manual for /dev/MAKEDEV or for mknod. The following command line should work on an ordinary Linux machine:

# mknod /chroot/named/dev/null c 1 3

Finally, an /etc directory must also be created inside the chroot. The /etc/localtime file has to be copied into the chroot so that the BIND log is written with the correct time, and a simple group file must be created. Refer to the following command lines:

# cp /etc/localtime /chroot/named/etc/
# echo 'named:x:200:' > /chroot/named/etc/group

(Note that the original gave GID 200 when creating the account at the start. Because I created it as nobody, I ran echo 'nobody:x:99:' > /chroot/named/etc/group.)
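The steps above, from the directory skeleton through the library copy, the group file and the ownership changes, as one shell script. This is an added example written for this page, not code from the HOWTO or from BIND. Two things differ from the commands above and are assumptions: the list of shared objects is taken from ldd on the named binary instead of the hard-coded libc-2.*.so / ld-2.*.so names, and the base directory, account name, GID and binary path are parameters (the chroot_* and ldd_paths function names are invented here). chroot_owned_outside is the check a practitioner wants afterwards: the daemon account should own only etc/namedb and var/run and nothing else in the tree.

```sh
#!/bin/sh
# Added example, not part of the HOWTO or of BIND: build and check the
# chroot tree described above.  Instead of the hard-coded libc-2.*.so copy,
# the library list is taken from ldd(1) of the named binary (assumption:
# the binary path, base directory, account name and GID are passed in).
# Only chroot_populate needs root; the other functions run as any user.

CHROOT_DIRS="bin dev etc etc/namedb lib var var/run"

# Create the directory skeleton BASE/named/{bin,dev,etc/namedb,lib,var/run}.
chroot_mkdirs() {
    base="$1"
    for d in $CHROOT_DIRS; do
        mkdir -p "$base/named/$d" || return 1
    done
    return 0
}

# Return 0 if every directory of the skeleton exists under BASE, else 1.
chroot_check_layout() {
    base="$1"
    for d in $CHROOT_DIRS; do
        [ -d "$base/named/$d" ] || { echo "missing: $base/named/$d" >&2; return 1; }
    done
    return 0
}

# Read ldd(1) output on stdin and print one absolute library path per line.
# Handles both "libc.so.6 => /lib/libc.so.6 (0x...)" and the bare
# "/lib/ld-linux.so.2 (0x...)" form; the vdso entry has no path and is skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    '
}

# Root only.  Copy the daemon's shared objects, /etc/localtime, a minimal
# group file and /dev/null into the chroot, then hand the two directories
# BIND must write (zone dir for slaves, pid/socket dir) to the daemon account.
chroot_populate() {
    base="$1"; user="$2"; gid="$3"; daemon="$4"
    for lib in $(ldd "$daemon" | ldd_paths); do
        # cp follows the symlink, so the copy already carries the soname
        # (libc.so.6) and no separate ln -s step is needed.
        cp -p "$lib" "$base/named/lib/" || return 1
    done
    cp -p /etc/localtime "$base/named/etc/" || return 1
    printf '%s:x:%s:\n' "$user" "$gid" > "$base/named/etc/group"
    [ -c "$base/named/dev/null" ] || mknod "$base/named/dev/null" c 1 3 || return 1
    chown -R "$user:$user" "$base/named/etc/namedb" "$base/named/var/run"
}

# Least-privilege check: list anything under BASE/named owned by USER that
# lies outside etc/namedb and var/run.  The daemon should own nothing else,
# so an empty result is the expected state.
chroot_owned_outside() {
    base="$1"; user="$2"
    find "$base/named" \( -path "$base/named/etc/namedb" -o -path "$base/named/var/run" \) -prune \
         -o -user "$user" -print
}
```

chroot_mkdirs and chroot_check_layout run as any user; chroot_populate needs root because of mknod and chown. A typical run (the binary path is assumed) is chroot_mkdirs /chroot; chroot_populate /chroot named 200 /usr/sbin/named; chroot_owned_outside /chroot named, and the last command should print nothing.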
There are said to be two ways of producing logs through syslogd. Since the configuration can differ from system to system, only the first method, the one used on Red Hat, is described here. syslogd is normally started through the following file:

/etc/rc.d/init.d/syslog

Change the following part of this file:

daemon syslogd -m 0

to this:

daemon syslogd -m 0 -a /chroot/named/dev/log

Having made the change, restart the daemon.
# /etc/rc.d/init.d/syslog stop
# /etc/rc.d/init.d/syslog start

If a file like the following appears, everything is working:

/chroot/named/dev
srw-rw-rw-   1 root     root            0 Mar 13 20:58 log

The other method is: If you have an older syslogd, then you'll have to find another way to do your logging. There are a couple programs out there, such as holelogd, which are designed to help by acting as a ``proxy'' and accepting log entries from the chrooted BIND and passing them out to the regular /dev/log socket.
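The init-script edit and the socket check above as shell functions. This is an added example for this page, not code from the HOWTO. It assumes a Red Hat style script containing the exact line daemon syslogd -m 0; the script path and chroot base are parameters so the edit can be rehearsed on a copy first, and the function names are invented here. The edit is idempotent, so running it twice does not add -a twice, and syslog_socket_ok is the programmatic form of the "srw-rw-rw- ... log" listing.

```sh
#!/bin/sh
# Added example, not part of the HOWTO: apply the syslogd change described
# above and check its result.  Assumes a Red Hat style init script containing
# the line "daemon syslogd -m 0"; script path and chroot base are parameters
# so the edit can be rehearsed on a copy before touching /etc/rc.d/init.d/syslog.

# Add "-a CHROOT/dev/log" to the syslogd start line of SCRIPT.
# Returns 0 if the file was changed, 1 if the option was already present,
# 2 if the start line was not found or the file could not be written.
syslog_add_socket() {
    script="$1"; sock="$2/dev/log"
    grep -q -- "-a $sock" "$script" && return 1
    grep -q 'daemon syslogd -m 0' "$script" || return 2
    tmp="$script.tmp.$$"
    # '|' as the sed delimiter because the socket path contains slashes.
    sed "s|daemon syslogd -m 0|daemon syslogd -m 0 -a $sock|" "$script" > "$tmp" \
        || { rm -f "$tmp"; return 2; }
    # cp over the original keeps the init script's mode bits; mv would not.
    cp "$tmp" "$script" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    return 0
}

# Print the effective syslogd start line of SCRIPT, leading whitespace stripped.
syslog_start_line() {
    grep 'daemon syslogd' "$1" | sed 's/^[[:space:]]*//'
}

# Return 0 if syslogd has created the socket inside the chroot, i.e. the
# "srw-rw-rw- ... log" entry from the listing above is present.
syslog_socket_ok() {
    [ -S "$1/dev/log" ]
}
```

After syslog_add_socket /etc/rc.d/init.d/syslog /chroot/named and the stop/start above, syslog_socket_ok /chroot/named should succeed; if it does not, syslogd was started without the -a option or the /chroot/named/dev directory does not exist.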