[OpenWrt-Devel] [PATCH] network/services/dnsmasq: Use user:group dnsmasq:dnsmasq for dnsmasq
openwrt at daniel.thecshore.com
openwrt at daniel.thecshore.com
Wed Jan 20 13:23:49 EST 2016
From: Daniel Dickinson <openwrt at daniel.thecshore.com>
v2: Use user:group 300:300 instead of 3000:3000 per defacto standards
nobody.nogroup is better than root but even better is a specific
user for a specific service, therefore use dnsmasq:dnsmasq to
run the dnsmasq server
Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
---
package/network/services/dnsmasq/Makefile | 2 ++
package/network/services/dnsmasq/files/dnsmasq.init | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 003530d..67fe109 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -27,6 +27,7 @@ PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset
+
include $(INCLUDE_DIR)/package.mk
define Package/dnsmasq/Default
@@ -34,6 +35,7 @@ define Package/dnsmasq/Default
CATEGORY:=Base system
TITLE:=DNS and DHCP server
URL:=http://www.thekelleys.org.uk/dnsmasq/
+ USERID:=dnsmasq=300:dnsmasq=300
endef
define Package/dnsmasq
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 8aae43a..cc584fc 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -528,7 +528,7 @@ dnsmasq_instance() {
local cfg="$1"
procd_open_instance
- procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."$cfg".pid
+ procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."$cfg".pid -u dnsmasq -g dnsmasq
procd_set_param file $CONFIGFILE
procd_set_param respawn
@@ -547,7 +547,7 @@ dnsmasq_instance() {
if [ ! -f "$TIMESTAMPFILE" ]; then
touch "$TIMESTAMPFILE"
- chown nobody.nogroup "$TIMESTAMPFILE"
+ chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
fi
# if we did this last, we could override auto-generated config
--
2.4.3
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list