summaryrefslogtreecommitdiff
path: root/interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i
diff options
context:
space:
mode:
authorJernej Jakob <jernej.jakob@gmail.com>2020-05-08 11:07:27 +0200
committerJernej Jakob <jernej.jakob@gmail.com>2020-05-08 11:26:50 +0200
commit19738b6958813fcfa6299655e3a0e863702de3f5 (patch)
tree4d2f7bf4a8a7f973420ff0385a074b0a821fd498 /interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i
parent29dee3abb55d0f0c6b91b311f30521b45d7e46b6 (diff)
downloadvyos-1x-19738b6958813fcfa6299655e3a0e863702de3f5.tar.gz
vyos-1x-19738b6958813fcfa6299655e3a0e863702de3f5.zip
dhcp-server, dhcpv6-server: T2432: chown lease file to nobody:nogroup
Commits f37194604 and 0cbad2850 migrated isc-dhcp-server(6) from SysVInit to SystemD, changing the user and group dhcpd is started as. This caused a permission error when dhcpd tried to write to lease files: dhcpd[2829]: Can't create new lease file: Permission denied As dhcpd is started as nobody:nogroup, setting the permissions on the lease files to 664 root:vyattacfg would make dhcpd unable to write to them. We can't make the files other-writable, as that would be a big security issue, so we need to set either the owner or group of the files to be dhcpd writeble. There should be no harm in changing both to nobody:nogroup, as they were previously root:root. If some other VyOS code doesn't like the ownership of these files in /config, they can be either excluded from the check (possibly moved into their own directory), or changed back to root:vyattacfg and vyattacfg added to nogroup.
Diffstat (limited to 'interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i')
0 files changed, 0 insertions, 0 deletions