Message ID | 20160425184009.GA2144@makrotopia.org |
---|---|
State | Accepted |
Would it be worthwhile keeping these userids in a wiki registry page maybe? This is a current extract from the packages feed and the base packages. 22:sshd 22:sshd 51:pulse 52:tor 53:zabbix 54:prosody 56:dmapd 57:bind 59:dovecot 72:ocserv 87:icecast 88:pianod 89:upmpdcli 99:_fdm 105:avahi 121:lldp 123:ntp 200:mosquitto 224:transmission 323:chrony 400:gnunet 400:gnunetdns 5232:radicale 5353:knot 5432:postgres 8118:privoxy 65533:rpc Daniel Golle <daniel@makrotopia.org> wrote: > Running dnsmasq in a dedicated user/group allows matching its > outgoing traffic more easily using iptables' owner match. Add > UID/GID to the package metadata and append the user/group > parameters to the init script. > > Signed-off-by: Daniel Golle <daniel@makrotopia.org> > --- > package/network/services/dnsmasq/Makefile | 3 ++- > package/network/services/dnsmasq/files/dnsmasq.init | 4 +++- > 2 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/package/network/services/dnsmasq/Makefile > b/package/network/services/dnsmasq/Makefile index > a5c3740..a5b96a3 100644 > --- a/package/network/services/dnsmasq/Makefile > +++ b/package/network/services/dnsmasq/Makefile > @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk > > PKG_NAME:=dnsmasq > PKG_VERSION:=2.75 > -PKG_RELEASE:=6 > +PKG_RELEASE:=7 > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz > PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq > @@ -34,6 +34,7 @@ define Package/dnsmasq/Default > CATEGORY:=Base system > TITLE:=DNS and DHCP server > URL:=http://www.thekelleys.org.uk/dnsmasq/ > + USERID:=dnsmasq=453:dnsmasq=453 > endef > > define Package/dnsmasq > diff --git > a/package/network/services/dnsmasq/files/dnsmasq.init > b/package/network/services/dnsmasq/files/dnsmasq.init index > 61ded6a..83fcbb0 100644 > --- a/package/network/services/dnsmasq/files/dnsmasq.init > +++ b/package/network/services/dnsmasq/files/dnsmasq.init 
> @@ -218,6 +218,8 @@ dnsmasq() { > mkdir -p /tmp/hosts /tmp/dnsmasq.d > xappend "--addn-hosts=/tmp/hosts" > xappend "--conf-dir=/tmp/dnsmasq.d" > + xappend "--user=dnsmasq" > + xappend "--group=dnsmasq" > > echo >> $CONFIGFILE > > @@ -589,7 +591,7 @@ start_service() { > > if [ ! -f "$TIMESTAMPFILE" ]; then > touch "$TIMESTAMPFILE" > - chown nobody.nogroup "$TIMESTAMPFILE" > + chown dnsmasq.dnsmasq "$TIMESTAMPFILE" > fi > > echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE > -- > 2.8.0 > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index a5c3740..a5b96a3 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.75
-PKG_RELEASE:=6
+PKG_RELEASE:=7

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
@@ -34,6 +34,7 @@ define Package/dnsmasq/Default
 CATEGORY:=Base system
 TITLE:=DNS and DHCP server
 URL:=http://www.thekelleys.org.uk/dnsmasq/
+ USERID:=dnsmasq=453:dnsmasq=453
 endef

 define Package/dnsmasq
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 61ded6a..83fcbb0 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -218,6 +218,8 @@ dnsmasq() {
 mkdir -p /tmp/hosts /tmp/dnsmasq.d
 xappend "--addn-hosts=/tmp/hosts"
 xappend "--conf-dir=/tmp/dnsmasq.d"
+ xappend "--user=dnsmasq"
+ xappend "--group=dnsmasq"

 echo >> $CONFIGFILE

@@ -589,7 +591,7 @@ start_service() {

 if [ ! -f "$TIMESTAMPFILE" ]; then
 touch "$TIMESTAMPFILE"
- chown nobody.nogroup "$TIMESTAMPFILE"
+ chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
 fi

 echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE
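Review bot: The added `xappend "--user=dnsmasq"` and `xappend "--group=dnsmasq"` lines in dnsmasq() make startup depend on the dnsmasq account existing, and nothing visible in this hunk checks for it. The USERID entry in the Makefile presumably creates the account at install time, but a system that carries an older /etc/passwd and /etc/group across an upgrade may not have it, in which case the daemon would likely refuse to start and DNS and DHCP would go down with it. Consider guarding before the options are written, e.g. `user_exists dnsmasq || user_add dnsmasq 453` and `group_exists dnsmasq || group_add dnsmasq 453`, assuming those base-files helpers are available to this script. The function body starts before and continues after the hunk.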
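Review bot: The new `chown dnsmasq.dnsmasq "$TIMESTAMPFILE"` in start_service() runs only inside the `[ ! -f "$TIMESTAMPFILE" ]` branch, so a timestamp file created by an earlier release stays owned by nobody.nogroup. If that file survives across upgrades (its path is not visible here), the daemon now running as dnsmasq would presumably be unable to update it. Moving the ownership change after the `fi` covers both the new and the pre-existing file, and the colon separator is the portable spelling: `chown dnsmasq:dnsmasq "$TIMESTAMPFILE"`. start_service() begins and ends outside the hunk.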
Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script. Signed-off-by: Daniel Golle <daniel@makrotopia.org> --- package/network/services/dnsmasq/Makefile | 3 ++- package/network/services/dnsmasq/files/dnsmasq.init | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-)