summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJernej Jakob <jernej.jakob@gmail.com>2020-06-11 08:06:14 +0200
committerJernej Jakob <jernej.jakob@gmail.com>2020-06-11 22:10:47 +0200
commit96ed330e9691f9db79c837505802ae5055f86348 (patch)
tree7b6c34776470068960d7a9336f1b27357dd212ef
parentde8f039cf3a527c87ec595fc94a691b0159cd79a (diff)
downloadvyos-1x-96ed330e9691f9db79c837505802ae5055f86348.tar.gz
vyos-1x-96ed330e9691f9db79c837505802ae5055f86348.zip
vyos-hostsd: T2583: add hostsd group
To better control access from other daemons that may not be running as root, create a new group 'hostsd' to which the other daemons running users can be added. Run vyos-hostsd as root:hostsd to create the socket file with correct user and group.
-rw-r--r--debian/vyos-1x.postinst5
-rw-r--r--src/systemd/vyos-hostsd.service2
2 files changed, 6 insertions, 1 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index a308401ee..672f90dff 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -19,3 +19,8 @@ if ! grep -q '^minion' /etc/passwd; then
adduser --quiet minion disk
adduser --quiet minion users
fi
+
+# add hostsd group for vyos-hostsd
+if ! grep -q '^hostsd' /etc/group; then
+ addgroup --quiet --system hostsd
+fi
diff --git a/src/systemd/vyos-hostsd.service b/src/systemd/vyos-hostsd.service
index db8f630d4..b77335778 100644
--- a/src/systemd/vyos-hostsd.service
+++ b/src/systemd/vyos-hostsd.service
@@ -24,7 +24,7 @@ Restart=on-failure
# Does't work in Jessie but leave it here
User=root
-Group=vyattacfg
+Group=hostsd
[Install]