-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Dmitriy, Dmitriy Demidov wrote: > control unbound process to any user in the local system... AFAIK all access > control is done by file systems ACL for SSL sertificate files? Yes. Also the interface is 127.0.0.1 by default, so localhost only. The system can work for remote administration also, but then you must set control-interface "0.0.0.0" (any). and maybe adjust your firewall. > and to close this "security hole" I make a fast chmod/chown to this: added chmod o-rw (files) to unbound-control-setup. Thank you for the suggestion, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkknAXQACgkQkDLqNwOhpPhtXgCgp2bAdeScfiXDlAeYsobv7/Nm nVcAoKX7Owwrz5921a3PCJwVXQeZVsA2 =952p -----END PGP SIGNATURE-----