[OpenWrt-Devel] [PATCH] network/services/dnsmasq: Use user:group dnsmasq:dnsmasq for dnsmasq

openwrt at daniel.thecshore.com openwrt at daniel.thecshore.com
Wed Jan 20 13:23:49 EST 2016


From: Daniel Dickinson <openwrt at daniel.thecshore.com>

v2: Use user:group 300:300 instead of 3000:3000 per defacto standards

nobody.nogroup is better than root but even better is a specific
user for a specific service, therefore use dnsmasq:dnsmasq to
run the dnsmasq server

Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
---
 package/network/services/dnsmasq/Makefile           | 2 ++
 package/network/services/dnsmasq/files/dnsmasq.init | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 003530d..67fe109 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -27,6 +27,7 @@ PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \
 	CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \
 	CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset
 
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/dnsmasq/Default
@@ -34,6 +35,7 @@ define Package/dnsmasq/Default
   CATEGORY:=Base system
   TITLE:=DNS and DHCP server
   URL:=http://www.thekelleys.org.uk/dnsmasq/
+  USERID:=dnsmasq=300:dnsmasq=300
 endef
 
 define Package/dnsmasq
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 8aae43a..cc584fc 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -528,7 +528,7 @@ dnsmasq_instance() {
 	local cfg="$1"
 
 	procd_open_instance
-	procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."$cfg".pid
+	procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."$cfg".pid -u dnsmasq -g dnsmasq
 	procd_set_param file $CONFIGFILE
 	procd_set_param respawn
 
@@ -547,7 +547,7 @@ dnsmasq_instance() {
 
 	if [ ! -f "$TIMESTAMPFILE" ]; then
 		touch "$TIMESTAMPFILE"
-		chown nobody.nogroup "$TIMESTAMPFILE"
+		chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
 	fi
 
 	# if we did this last, we could override auto-generated config
-- 
2.4.3
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list