webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

unbound: Make dhcp-leases.conf readable for everyone

Browse Source 
unbound runs as nobody and cannot reload its configuration
when this file is only readable for root.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2020-01-13 21:43:27 +01:00
parent 04b7a78140
commit 7be4822f3d
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/unbound/unbound-dhcp-leases-bridge
View File

@@ -28,6 +28,7 @@ import logging.handlers
import os import os
import re import re
import signal import signal
import stat
import subprocess import subprocess
import tempfile import tempfile
@@ -528,6 +529,9 @@ class UnboundConfigWriter(object):
for rr in l.rrset: for rr in l.rrset:
f.write("local-data: \"%s\"\n" % " ".join(rr)) f.write("local-data: \"%s\"\n" % " ".join(rr))
# Make file readable for everyone
os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)
os.rename(filename, self.path) os.rename(filename, self.path)
def _control(self, *args): def _control(self, *args):

3
src/scripts/convert-dns-settings
View File

@@ -87,6 +87,9 @@ main() {
# Set correct ownership. # Set correct ownership.
chown nobody:nobody /var/ipfire/dns/servers chown nobody:nobody /var/ipfire/dns/servers
# Make DHCP leases readable for nobody
chown 644 /etc/unbound/dhcp-leases.conf
} }
main "$@" || exit $? main "$@" || exit $?