From 96ed330e9691f9db79c837505802ae5055f86348 Mon Sep 17 00:00:00 2001
From: Jernej Jakob
Date: Thu, 11 Jun 2020 08:06:14 +0200
Subject: vyos-hostsd: T2583: add hostsd group
To better control access from other daemons that may not be running as root, create a new group 'hostsd' to which the other daemons running users can be added. Run vyos-hostsd as root:hostsd to create the socket file with correct user and group.
---
 debian/vyos-1x.postinst | 5 +++++
 src/systemd/vyos-hostsd.service | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index a308401ee..672f90dff 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -19,3 +19,8 @@ if ! grep -q '^minion' /etc/passwd; then
 adduser --quiet minion disk
 adduser --quiet minion users
 fi
+
+# add hostsd group for vyos-hostsd
+if ! grep -q '^hostsd' /etc/group; then
+ addgroup --quiet --system hostsd
+fi
diff --git a/src/systemd/vyos-hostsd.service b/src/systemd/vyos-hostsd.service
index db8f630d4..b77335778 100644
--- a/src/systemd/vyos-hostsd.service
+++ b/src/systemd/vyos-hostsd.service
@@ -24,7 +24,7 @@ Restart=on-failure
 # Does't work in Jessie but leave it here
 User=root
-Group=vyattacfg
+Group=hostsd
 [Install]
--
cgit v1.2.3
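Review bot: The existence test `grep -q '^hostsd' /etc/group` matches any group whose name merely starts with `hostsd` and reads only the local file, so creation can be skipped even though no group named exactly `hostsd` exists. In that case the unit's `Group=hostsd` would presumably fail to resolve and the daemon would not start. Because this group gates access to the vyos-hostsd socket, an exact lookup is safer: `if ! getent group hostsd >/dev/null; then`. The check also silently accepts a pre-existing `hostsd` group with whatever members it already has, which deserves a comment in the script. The `minion` test shown in the hunk header uses the same unanchored pattern.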
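Review bot: `Group=hostsd` only sets the group owner of the socket the daemon creates; nothing in this unit makes that socket group-writable or keeps other users out. Connecting to a Unix socket needs write permission on it, so if the daemon binds under the usual 022 umask without an explicit chmod (the daemon code is not visible here), members of `hostsd` still could not connect. Consider pinning the mode in the unit with `UMask=0007`, or document that the daemon sets it. The retained comment `# Does't work in Jessie but leave it here` suggests `User=`/`Group=` may not take effect on every target, which would defeat the access control this commit relies on, so it is worth confirming and updating that comment. Switching the primary group away from `vyattacfg` also changes the group of every other file the daemon creates; the `[Service]` section starts outside this hunk, so that could not be checked here.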