From dc1a0f2e0403d96ec8d9e2065af0a7dafb4d2f2e Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 29 Apr 2025 15:36:19 +0000
Subject: [PATCH] dnsdist: Automatically launch as a non-privileged user

This was possible before by adding this to the configuration, but this patch adds a sensible default.

Signed-off-by: Michael Tremer
---
 lfs/dnsdist | 4 +++-
 src/initscripts/packages/dnsdist | 2 +-
 src/paks/dnsdist/install.sh | 11 +++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/lfs/dnsdist b/lfs/dnsdist
index 6ce6359faa..e6268b6999 100644
--- a/lfs/dnsdist
+++ b/lfs/dnsdist
@@ -90,7 +90,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 --disable-gnutls \
 --enable-dns-over-tls \
 --with-lua \
- --without-net-snmp
+ --without-net-snmp \
+ --with-service-user=dnsdist \
+ --with-service-group=dnsdist
 cd $(DIR_APP) && make $(MAKETUNING)
 cd $(DIR_APP) && make install
diff --git a/src/initscripts/packages/dnsdist b/src/initscripts/packages/dnsdist
index 52de82d0b8..7c9fa19c8c 100644
--- a/src/initscripts/packages/dnsdist
+++ b/src/initscripts/packages/dnsdist
@@ -46,7 +46,7 @@ case "${1}" in
 ulimit -n 65536
 # Starting daemon
- /usr/bin/dnsdist --supervised ${ARGS} >/dev/null &
+ /usr/bin/dnsdist --supervised --uid dnsdist --gid dnsdist ${ARGS} >/dev/null &
 evaluate_retval
 ;;
diff --git a/src/paks/dnsdist/install.sh b/src/paks/dnsdist/install.sh
index 74966d643a..43e476152e 100644
--- a/src/paks/dnsdist/install.sh
+++ b/src/paks/dnsdist/install.sh
@@ -23,6 +23,17 @@
 #
 . /opt/pakfire/lib/functions.sh
+# Create group
+if ! getent group dnsdist >/dev/null; then
+ groupadd -r dnsdist
+fi
+
+# Create user
+if ! getent passwd dnsdist >/dev/null; then
+ useradd -r -g dnsdist -d /var/empty -s /sbin/nologin \
+ -c "dnsdist daemon" dnsdist
+fi
+
 extract_files
 restore_backup "${NAME}"
--
2.39.5
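Review bot: The two added configure switches, `--with-service-user=dnsdist` and `--with-service-group=dnsdist`, may not change how the installed binary behaves on this system. As far as I can tell they only fill in the user and group fields of the service unit file that the dnsdist build generates, while the initscript changed in this same patch passes `--uid`/`--gid` itself, so the effective privilege drop would come from the initscript and a manual `dnsdist` invocation would still run as the calling user. Please confirm this against the dnsdist build documentation and, if it holds, say so in a comment above the configure call, e.g. `# service user/group only feed the generated unit file; the initscript drops privileges`. The configure invocation starts outside this hunk.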
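Review bot: In the start branch of src/initscripts/packages/dnsdist, a failure to switch to the `dnsdist` account goes unreported, because the daemon is launched with `&` and `evaluate_retval` then sees the status of the backgrounding rather than that of dnsdist. With the new `--uid dnsdist --gid dnsdist`, a missing user or group (for instance where the initscript was updated but install.sh did not run) would presumably stop the daemon from starting while the script still reports success. A guard ahead of the launch, `getent passwd dnsdist >/dev/null || exit 1` together with a message, would make that visible. It also deserves a comment on whether a `--uid`/`--gid` supplied through `${ARGS}` is meant to override the new defaults, since `${ARGS}` is expanded after them. The case branch begins and ends outside the hunk.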
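Review bot: The exit status of `groupadd` and `useradd` in src/paks/dnsdist/install.sh is ignored, so if either fails the script still runs `extract_files` and `restore_backup` and leaves a package whose initscript names an account that does not exist. Checking the result, e.g. `groupadd -r dnsdist || exit 1` and the same on the `useradd` command, keeps the failure at install time; whether install.sh may abort this way under pakfire should be confirmed. Separately, nothing in this hunk sets the ownership or mode of the files extracted or restored afterwards. Anything dnsdist has to open again after dropping privileges (presumably certificate or key reloads) must be readable by the new account without being world-readable, and a comment naming those files would help the next maintainer.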