diff options
author | Jernej Jakob <jernej.jakob@gmail.com> | 2020-05-08 11:07:27 +0200 |
---|---|---|
committer | Jernej Jakob <jernej.jakob@gmail.com> | 2020-05-08 11:26:50 +0200 |
commit | 19738b6958813fcfa6299655e3a0e863702de3f5 (patch) | |
tree | 4d2f7bf4a8a7f973420ff0385a074b0a821fd498 /interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i | |
parent | 29dee3abb55d0f0c6b91b311f30521b45d7e46b6 (diff) | |
download | vyos-1x-19738b6958813fcfa6299655e3a0e863702de3f5.tar.gz vyos-1x-19738b6958813fcfa6299655e3a0e863702de3f5.zip |
dhcp-server, dhcpv6-server: T2432: chown lease file to nobody:nogroup
Commits f37194604 and 0cbad2850 migrated isc-dhcp-server(6) from
SysVInit to SystemD, changing the user and group dhcpd is started as.
This caused a permission error when dhcpd tried to write to lease files:
dhcpd[2829]: Can't create new lease file: Permission denied
As dhcpd is started as nobody:nogroup, setting the permissions on the
lease files to 664 root:vyattacfg would make dhcpd unable to write to
them. We can't make the files other-writable, as that would be a big
security issue, so we need to set either the owner or group of the files
to be dhcpd writeble. There should be no harm in changing both to
nobody:nogroup, as they were previously root:root.
If some other VyOS code doesn't like the ownership of these files in
/config, they can be either excluded from the check (possibly moved into
their own directory), or changed back to root:vyattacfg and vyattacfg added
to nogroup.
Diffstat (limited to 'interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i')
0 files changed, 0 insertions, 0 deletions