dnsdist: Automatically launch as a non-privileged user
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 29 Apr 2025 15:36:19 +0000 (15:36 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 29 Apr 2025 16:22:42 +0000 (16:22 +0000)
This was possible before by adding this to the configuration, but this
patch adds a sensible default.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
lfs/dnsdist
src/initscripts/packages/dnsdist
src/paks/dnsdist/install.sh

index 6ce6359faabe6da893097bed89d34ac64448dfc1..e6268b699984cc746cc878f780ab577b0c9c9882 100644 (file)
@@ -90,7 +90,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --disable-gnutls \
                --enable-dns-over-tls \
                --with-lua \
-               --without-net-snmp
+               --without-net-snmp \
+               --with-service-user=dnsdist \
+               --with-service-group=dnsdist
 
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install
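Review bot: The two added configure switches, `--with-service-user=dnsdist` and `--with-service-group=dnsdist`, carry no comment saying where the `dnsdist` account comes from or what they actually control. The account is only created at package install time in `src/paks/dnsdist/install.sh`. As far as I can tell, these switches set the user and group written into the generated service unit rather than a default compiled into the binary; if so, the privilege drop on this system rests entirely on the `--uid`/`--gid` arguments in the initscript. A comment above the configure call would keep the three places in sync, for example `# dnsdist account is created in src/paks/dnsdist/install.sh; the initscript enforces the drop with --uid/--gid`. The recipe starts and continues outside this hunk.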
index 52de82d0b88c4ed3d807b76ac51962fc91712ce2..7c9fa19c8cc6a061265d632101a5c8a6380fb812 100644 (file)
@@ -46,7 +46,7 @@ case "${1}" in
                ulimit -n 65536
 
                # Starting daemon
-               /usr/bin/dnsdist --supervised ${ARGS} >/dev/null &
+               /usr/bin/dnsdist --supervised --uid dnsdist --gid dnsdist ${ARGS} >/dev/null &
                evaluate_retval
                ;;
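Review bot: `evaluate_retval` runs right after a command backgrounded with `&`, so it sees the status of the fork rather than of dnsdist. A start that fails because the `dnsdist` account cannot be resolved would presumably still be reported as OK, and stdout is discarded to `/dev/null`. A guard before the launch line would make that failure visible, for example `getent passwd dnsdist >/dev/null || { echo "dnsdist user missing"; exit 1; }`. Because `${ARGS}` follows the new options, a `--uid`/`--gid` supplied there may take precedence over the default, so a comment such as `# Drop to the unprivileged dnsdist account by default; ARGS may override` would document that. The `case` block continues outside the hunk.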
 
index 74966d643a228f8f9781125db0afc47eb5c3495b..43e476152e1d8009dd9b8bd848cac1b0d0d5d5bc 100644 (file)
 #
 . /opt/pakfire/lib/functions.sh
 
+# Create group
+if ! getent group dnsdist >/dev/null; then
+       groupadd -r dnsdist
+fi
+
+# Create user
+if ! getent passwd dnsdist >/dev/null; then
+       useradd -r -g dnsdist -d /var/empty -s /sbin/nologin \
+               -c "dnsdist daemon" dnsdist
+fi
+
 extract_files
 
 restore_backup "${NAME}"
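Review bot: The exit status of `groupadd` and `useradd` is not checked, so a failed account creation still falls through to `extract_files` and `restore_backup`. The daemon would then be started with `--uid dnsdist --gid dnsdist` against an account that does not exist; `groupadd -r dnsdist || exit 1` (and the same on `useradd`) would stop the install at the real cause. Separately, files brought back by `restore_backup` keep their previous owner and mode. If dnsdist re-reads any of them after dropping privileges (configuration, or key material for DNS-over-TLS), they need group `dnsdist` and a mode like 0640 rather than being made world-readable; this is worth confirming, since the hunk does not show what is restored.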