aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/dnsmasq/files
diff options
context:
space:
mode:
authorJohn Crispin <john@openwrt.org>2016-04-26 11:44:10 +0000
committerJohn Crispin <john@openwrt.org>2016-04-26 11:44:10 +0000
commit3481d0d793b87ed4c0f0fa899497f49060e5511d (patch)
tree9415db0673f8f3122b3309bb6183d95f4341e384 /package/network/services/dnsmasq/files
parent1a1bb3aaff9010f978f0743db04880ec6d4a42b1 (diff)
downloadupstream-3481d0d793b87ed4c0f0fa899497f49060e5511d.tar.gz
upstream-3481d0d793b87ed4c0f0fa899497f49060e5511d.tar.bz2
upstream-3481d0d793b87ed4c0f0fa899497f49060e5511d.zip
dnsmasq: run as dedicated UID/GID
Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 49252
Diffstat (limited to 'package/network/services/dnsmasq/files')
-rw-r--r--package/network/services/dnsmasq/files/dnsmasq.init4
1 files changed, 3 insertions, 1 deletions
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 0cda02d4fe..7f90b8fa3e 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -218,6 +218,8 @@ dnsmasq() {
mkdir -p /tmp/hosts /tmp/dnsmasq.d
xappend "--addn-hosts=/tmp/hosts"
xappend "--conf-dir=/tmp/dnsmasq.d"
+ xappend "--user=dnsmasq"
+ xappend "--group=dnsmasq"
echo >> $CONFIGFILE
@@ -592,7 +594,7 @@ start_service() {
if [ ! -f "$TIMESTAMPFILE" ]; then
touch "$TIMESTAMPFILE"
- chown nobody.nogroup "$TIMESTAMPFILE"
+ chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
fi
echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE