author | John Crispin <john@openwrt.org> | 2016-04-26 11:44:10 +0000 |
---|---|---|
committer | John Crispin <john@openwrt.org> | 2016-04-26 11:44:10 +0000 |
commit | 3481d0d793b87ed4c0f0fa899497f49060e5511d (patch) | |
tree | 9415db0673f8f3122b3309bb6183d95f4341e384 /package/network/services/dnsmasq/files | |
parent | 1a1bb3aaff9010f978f0743db04880ec6d4a42b1 (diff) | |
dnsmasq: run as dedicated UID/GID
Running dnsmasq in a dedicated user/group allows matching its outgoing
traffic more easily using iptables' owner match.
Add UID/GID to the package metadata and append the user/group
parameters to the init script.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 49252
Diffstat (limited to 'package/network/services/dnsmasq/files')
-rw-r--r-- | package/network/services/dnsmasq/files/dnsmasq.init | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 0cda02d4fe..7f90b8fa3e 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -218,6 +218,8 @@ dnsmasq() {
 mkdir -p /tmp/hosts /tmp/dnsmasq.d
 xappend "--addn-hosts=/tmp/hosts"
 xappend "--conf-dir=/tmp/dnsmasq.d"
+ xappend "--user=dnsmasq"
+ xappend "--group=dnsmasq"
 echo >> $CONFIGFILE
@@ -592,7 +594,7 @@ start_service() {
 if [ ! -f "$TIMESTAMPFILE" ]; then
 touch "$TIMESTAMPFILE"
- chown nobody.nogroup "$TIMESTAMPFILE"
+ chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
 fi
 echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE |
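Review bot: The two new `xappend "--user=dnsmasq"` / `xappend "--group=dnsmasq"` lines in dnsmasq() are unconditional, and nothing visible here confirms the account exists or that the paths dnsmasq touches after dropping privileges are accessible to it. The package-metadata change that creates the user is outside this diffstat, so systems upgraded with a preserved passwd/group file may lack the account; as far as I know dnsmasq refuses to start when the named user or group is unknown. A one-line comment above the two lines would record the dependency, for example `# account comes from the package's UID/GID metadata; dnsmasq will not start without it`. It would also be worth confirming that the lease file and anything else written at runtime is owned by or writable for the new user, since `/tmp/hosts` and `/tmp/dnsmasq.d` are created here by the init script. The body of dnsmasq() starts and ends outside the hunk.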
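Review bot: A timestamp file that already exists keeps its previous owner, because the changed `chown` in start_service() still sits inside the `if [ ! -f "$TIMESTAMPFILE" ]` branch and only runs when the file is first created. If that file survives an upgrade (its location is not visible in the hunk), it stays owned by `nobody.nogroup` while the daemon now runs as `dnsmasq`, so the daemon presumably can no longer update it. Running the ownership fix unconditionally covers both cases: `[ -f "$TIMESTAMPFILE" ] || touch "$TIMESTAMPFILE"` followed by `chown dnsmasq:dnsmasq "$TIMESTAMPFILE"`. The colon form is the POSIX separator; the `user.group` dot form is a legacy spelling that some chown implementations warn about. start_service() continues outside the hunk.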