author | John Crispin <blogic@openwrt.org> | 2016-04-26 11:44:10 +0000 |
---|---|---|
committer | John Crispin <blogic@openwrt.org> | 2016-04-26 11:44:10 +0000 |
commit | 44e3067c2daedc463de418b3d95a47f76bf0602b (patch) | |
tree | 17f36c9e29a1891ddb5f7f16ec2bf50ac664a573 /package/network/services | |
parent | f333b562983d3c647ba0e61ff1e5b53829c6b169 (diff) | |
dnsmasq: run as dedicated UID/GID
Running dnsmasq in a dedicated user/group allows matching its outgoing
traffic more easily using iptables' owner match.
Add UID/GID to the package metadata and append the user/group
parameters to the init script.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49252 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/network/services')
-rw-r--r-- | package/network/services/dnsmasq/Makefile | 3 | ||||
-rw-r--r-- | package/network/services/dnsmasq/files/dnsmasq.init | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index a5c3740179..a5b96a3d28 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.75
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
@@ -34,6 +34,7 @@ define Package/dnsmasq/Default
 CATEGORY:=Base system
 TITLE:=DNS and DHCP server
 URL:=http://www.thekelleys.org.uk/dnsmasq/
+ USERID:=dnsmasq=453:dnsmasq=453
 endef
 define Package/dnsmasq
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 0cda02d4fe..7f90b8fa3e 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -218,6 +218,8 @@ dnsmasq() {
 mkdir -p /tmp/hosts /tmp/dnsmasq.d
 xappend "--addn-hosts=/tmp/hosts"
 xappend "--conf-dir=/tmp/dnsmasq.d"
+ xappend "--user=dnsmasq"
+ xappend "--group=dnsmasq"
 echo >> $CONFIGFILE
@@ -592,7 +594,7 @@ start_service() {
 if [ ! -f "$TIMESTAMPFILE" ]; then
 touch "$TIMESTAMPFILE"
- chown nobody.nogroup "$TIMESTAMPFILE"
+ chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
 fi
 echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE |
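Review bot: The two added `xappend` lines in `dnsmasq()` hard-code the account name `dnsmasq`, which has to agree with the `USERID:=dnsmasq=453:dnsmasq=453` entry added to the Makefile and with the `chown` in `start_service()`, yet nothing in the script records that link. A comment above them would make it visible, for example `# account comes from USERID in the package Makefile; keep the names in sync`. It is also worth confirming that anything dnsmasq reopens after it has dropped privileges, such as the `/tmp/hosts` directory created just above, stays readable by the new user and is not left accessible only to root or to the previous `nobody` account. The body of `dnsmasq()` starts and ends outside the hunk.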
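Review bot: The ownership change on `$TIMESTAMPFILE` in `start_service()` runs only inside `if [ ! -f "$TIMESTAMPFILE" ]`, so a file left behind by an earlier release stays owned by `nobody.nogroup`, and the daemon, now running as `dnsmasq`, would presumably no longer be able to update it. Taking the `chown` out of the conditional covers both the fresh and the upgraded case: `[ -f "$TIMESTAMPFILE" ] || touch "$TIMESTAMPFILE"` followed by `chown dnsmasq:dnsmasq "$TIMESTAMPFILE"`. The colon is the POSIX separator; the dot form kept from the old line is a legacy spelling. `start_service()` continues outside the hunk, so where the timestamp file lives and whether it survives an upgrade is not visible here.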