unbound: Make dhcp-leases.conf readable for everyone

unbound runs as nobody and cannot reload its configuration
when this file is only readable for root.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbound-dhcp-leases-bridge
index 64306bc9bc9de932d108962b14dce1d3f9b00ff8..e3da4860bd1718b835d7a53d9be6b89222f36fef 100644 (file)
--- a/config/unbound/unbound-dhcp-leases-bridge
+++ b/config/unbound/unbound-dhcp-leases-bridge
@@ -28,6 +28,7 @@ import logging.handlers
 import os
 import re
 import signal
+import stat
 import subprocess
 import tempfile
 
@@ -528,6 +529,9 @@ class UnboundConfigWriter(object):
                                for rr in l.rrset:
                                        f.write("local-data: \"%s\"\n" % " ".join(rr))
 
+                       # Make file readable for everyone
+                       os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)
+
                os.rename(filename, self.path)
 
        def _control(self, *args):

diff --git a/src/scripts/convert-dns-settings b/src/scripts/convert-dns-settings
index de12b30e35238fa18fc185714939f8f284bf7bec..04a5344f7e44de703959b4fc7ba2810cdd906f64 100755 (executable)
--- a/src/scripts/convert-dns-settings
+++ b/src/scripts/convert-dns-settings
@@ -87,6 +87,9 @@ main() {
 
        # Set correct ownership.
        chown nobody:nobody /var/ipfire/dns/servers
+
+       # Make DHCP leases readable for nobody
+       chown 644 /etc/unbound/dhcp-leases.conf
 }
 
 main "$@" || exit $?