From: Roy Marples <roy@marples.name>
Date: Sun, 5 Apr 2020 15:44:32 +0000 (+0100)
Subject: privsep: Detect a suitable user for dhcpcd, otherwise use dhcpcd
X-Git-Tag: v9.0.1~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa54fc1687eebfed9ecef156359676eb0b404835;p=thirdparty%2Fdhcpcd.git

privsep: Detect a suitable user for dhcpcd, otherwise use dhcpcd

System users generally have _ preceeding their username.
Only use this user if it exists and their home dir is not /var/empty.
Otherwise default to using dhcpcd.
---

diff --git a/configure b/configure
index de0bf3f2..57c5b1a8 100755
--- a/configure
+++ b/configure
@@ -556,16 +556,26 @@ fi
 if [ "$PRIVSEP" = yes ]; then
 	echo "Enabling Privilege Separation"
 
-	# Try and work out a user
+	# Try and work out system user
 	if [ -z "$PRIVSEP_USER" ]; then
-		for x in _dhcpcd _dhcp; do
-			if id "$x" 2>/dev/null >&2; then
+		printf "Detecting a suitable user for dhcpcd ... "
+		for x in _dhcpcd _dhcp dhcpcd; do
+			home=$(getent passwd $x 2>/dev/null | cut -d: -f6)
+			case "$home" in
+			/var/empty|"") ;;
+			*)
 				PRIVSEP_USER="$x"
-				break
-			fi
+				break;;
+			esac
 		done
 	fi
-	: ${PRIVSEP_USER:=_dhcpcd}
+	if [ -n "$PRIVSEP_USER" ]; then
+		echo "$PRIVSEP_USER"
+	else
+		PRIVSEP_USER=dhcpcd
+		echo
+		echo "No suitable user found for Priviledge Separation!"
+	fi
 
 	echo "CPPFLAGS+=	-DPRIVSEP" >>$CONFIG_MK
 	echo "#ifndef PRIVSEP_USER" >>$CONFIG_H