From 7be4822f3d60eee6be75cb622b153ae2487bcdce Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 13 Jan 2020 21:43:27 +0100
Subject: [PATCH] unbound: Make dhcp-leases.conf readable for everyone

unbound runs as nobody and cannot reload its configuration when this file is only readable for root.

Signed-off-by: Michael Tremer
---
 config/unbound/unbound-dhcp-leases-bridge | 4 ++++
 src/scripts/convert-dns-settings | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbound-dhcp-leases-bridge
index 64306bc9bc..e3da4860bd 100644
--- a/config/unbound/unbound-dhcp-leases-bridge
+++ b/config/unbound/unbound-dhcp-leases-bridge
@@ -28,6 +28,7 @@ import logging.handlers
 import os
 import re
 import signal
+import stat
 import subprocess
 import tempfile
@@ -528,6 +529,9 @@ class UnboundConfigWriter(object):
 for rr in l.rrset:
 f.write("local-data: \"%s\"\n" % " ".join(rr))
+ # Make file readable for everyone
+ os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)
+
 os.rename(filename, self.path)
 def _control(self, *args):
diff --git a/src/scripts/convert-dns-settings b/src/scripts/convert-dns-settings
index de12b30e35..04a5344f7e 100755
--- a/src/scripts/convert-dns-settings
+++ b/src/scripts/convert-dns-settings
@@ -87,6 +87,9 @@ main() {
 # Set correct ownership.
 chown nobody:nobody /var/ipfire/dns/servers
+
+ # Make DHCP leases readable for nobody
+ chown 644 /etc/unbound/dhcp-leases.conf
 }
 main "$@" || exit $?
--
2.39.2
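Review bot: In the `@@ -528,6 +529,9 @@` hunk of `unbound-dhcp-leases-bridge`, the `os.fchmod(...)` call opens the generated lease file to every local account (`S_IROTH`), although the commit message only requires that the `nobody` user unbound runs as can read it. If world-readable is the accepted trade-off, the comment should record the reason rather than the effect, e.g. `# unbound runs as nobody and must be able to re-read this file on reload`, and the mode reads more easily as `0o644`. Indentation is lost in this rendering, so it is worth confirming that the call sits where `f` is still open (`f.fileno()` raises `ValueError` on a closed file) and before the `os.rename()` that publishes the file. The enclosing method starts outside the hunk.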
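Review bot: In the `convert-dns-settings` hunk, the added line `chown 644 /etc/unbound/dhcp-leases.conf` changes the file's owner to the user or UID `644` and leaves its mode untouched. The file therefore does not become readable for `nobody` as the comment above it says, and ownership of a file unbound loads as configuration passes to whichever account holds, or is later given, that ID. The line should be `chmod 644 /etc/unbound/dhcp-leases.conf`. `main()` starts outside the hunk, so it cannot be seen from here whether the file is guaranteed to exist at this point or whether a failing command aborts the conversion.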