diff options
| author | Jernej Jakob <jernej.jakob@gmail.com> | 2020-06-11 08:10:35 +0200 |
|---|---|---|
| committer | Jernej Jakob <jernej.jakob@gmail.com> | 2020-06-11 22:10:47 +0200 |
| commit | 3bc07c4fc8bdc865a767aa927bfe9487710ee4d4 (patch) | |
| tree | 2abed369c85bb2de140c5e65317ae390658e3fc9 | |
| parent | 96ed330e9691f9db79c837505802ae5055f86348 (diff) | |
| download | vyos-1x-3bc07c4fc8bdc865a767aa927bfe9487710ee4d4.tar.gz vyos-1x-3bc07c4fc8bdc865a767aa927bfe9487710ee4d4.zip | |
dhcp(v6)-server: T2583: run as 'dhcpd' user
Add a 'dhcpd' system user that is a member of hostsd group and can
connect to vyos-hostsd.
Run dhcpd as this user.
| -rw-r--r-- | debian/vyos-1x.postinst | 6 | ||||
| -rw-r--r-- | src/systemd/isc-dhcp-server.service | 6 | ||||
| -rw-r--r-- | src/systemd/isc-dhcp-server6.service | 4 |
3 files changed, 11 insertions, 5 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index 672f90dff..dc129cb54 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -24,3 +24,9 @@ fi if ! grep -q '^hostsd' /etc/group; then addgroup --quiet --system hostsd fi + +# add dhcpd user for dhcp-server +if ! grep -q '^dhcpd' /etc/passwd; then + adduser --quiet --system --disabled-login --no-create-home --home /run/dhcp-server dhcpd + adduser --quiet dhcpd hostsd +fi diff --git a/src/systemd/isc-dhcp-server.service b/src/systemd/isc-dhcp-server.service index e13c66dc6..9aa70a7cc 100644 --- a/src/systemd/isc-dhcp-server.service +++ b/src/systemd/isc-dhcp-server.service @@ -14,10 +14,10 @@ Environment=PID_FILE=/run/dhcp-server/dhcpd.pid CONFIG_FILE=/run/dhcp-server/dhc PIDFile=/run/dhcp-server/dhcpd.pid ExecStartPre=/bin/sh -ec '\ touch ${LEASE_FILE}; \ -chown nobody:nogroup ${LEASE_FILE}* ; \ +chown dhcpd:nogroup ${LEASE_FILE}* ; \ chmod 664 ${LEASE_FILE}* ; \ -/usr/sbin/dhcpd -4 -t -T -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} ' -ExecStart=/usr/sbin/dhcpd -4 -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} +/usr/sbin/dhcpd -4 -t -T -q -user dhcpd -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} ' +ExecStart=/usr/sbin/dhcpd -4 -q -user dhcpd -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} Restart=always [Install] diff --git a/src/systemd/isc-dhcp-server6.service b/src/systemd/isc-dhcp-server6.service index 8ac861d7a..1345c5fc5 100644 --- a/src/systemd/isc-dhcp-server6.service +++ b/src/systemd/isc-dhcp-server6.service @@ -16,8 +16,8 @@ ExecStartPre=/bin/sh -ec '\ touch ${LEASE_FILE}; \ chown nobody:nogroup ${LEASE_FILE}* ; \ chmod 664 ${LEASE_FILE}* ; \ -/usr/sbin/dhcpd -6 -t -T -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} ' -ExecStart=/usr/sbin/dhcpd -6 -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} +/usr/sbin/dhcpd -6 -t -T -q -user dhcpd -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} ' +ExecStart=/usr/sbin/dhcpd -6 -q -user dhcpd -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} Restart=always [Install] |