Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script.
Signed-off-by: Daniel Golle <dan...@makrotopia.org> --- package/network/services/dnsmasq/Makefile | 1 + package/network/services/dnsmasq/files/dnsmasq.init | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index a5c3740..9a0f165 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -34,6 +34,7 @@ define Package/dnsmasq/Default CATEGORY:=Base system TITLE:=DNS and DHCP server URL:=http://www.thekelleys.org.uk/dnsmasq/ + USERID:=dnsmasq=65453:dnsmasq=65453 endef define Package/dnsmasq diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 61ded6a..83fcbb0 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -218,6 +218,8 @@ dnsmasq() { mkdir -p /tmp/hosts /tmp/dnsmasq.d xappend "--addn-hosts=/tmp/hosts" xappend "--conf-dir=/tmp/dnsmasq.d" + xappend "--user=dnsmasq" + xappend "--group=dnsmasq" echo >> $CONFIGFILE @@ -589,7 +591,7 @@ start_service() { if [ ! -f "$TIMESTAMPFILE" ]; then touch "$TIMESTAMPFILE" - chown nobody.nogroup "$TIMESTAMPFILE" + chown dnsmasq.dnsmasq "$TIMESTAMPFILE" fi echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE -- 2.8.0 _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel