From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 11 Feb 2020 15:40:31 +0000 (+0100)
Subject: dnsdist: Document that we no longer start as root by default
X-Git-Tag: auth-4.3.0-beta2~19^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2dc07f1037ecb2ba005c48dc6b25258349165c6e;p=thirdparty%2Fpdns.git

dnsdist: Document that we no longer start as root by default
---

diff --git a/pdns/dnsdistdist/docs/upgrade_guide.rst b/pdns/dnsdistdist/docs/upgrade_guide.rst
index f6ca3dc3e3..42dc45fa0c 100644
--- a/pdns/dnsdistdist/docs/upgrade_guide.rst
+++ b/pdns/dnsdistdist/docs/upgrade_guide.rst
@@ -7,6 +7,14 @@ Upgrade Guide
 DOH endpoints specified in the fourth parameter of :func:`addDOHLocal` are now specified as exact URLs instead of sub-paths.
 For example, ``addDOHLocal('2001:db8:1:f00::1', '/etc/ssl/certs/example.com.pem', '/etc/ssl/private/example.com.key', { "/dns-query" })`` will now only accept queries for ``/dns-query`` and no longer for ``/dns-query/foo/bar``.
 
+The systemd service-file that is installed no longer uses the ``root`` user to start. It uses the user and group set with the ``--with-service-user`` and ``--with-service-group`` switches during
+configuration, "dnsdist" by default.
+This could mean that dnsdist can no longer read its own configuration, or other data. It is therefore recommended to recursively ``chown`` directories used  by dnsdist::
+
+  chown -R root:dnsdist /etc/dnsdist
+
+Packages provided on `the PowerDNS Repository <https://repo.powerdns.com>`__ will ``chown`` directories created by them accordingly in the post-installation steps.
+
 1.3.x to 1.4.0
 --------------