Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure proper unprivileged user if pihole-FTL is started as root #2394

Merged
merged 1 commit into from
Aug 29, 2018
Merged

Ensure proper unprivileged user if pihole-FTL is started as root #2394

merged 1 commit into from
Aug 29, 2018

Conversation

DL6ER
Copy link
Member

@DL6ER DL6ER commented Aug 27, 2018

By submitting this pull request, I confirm the following:
please fill any appropriate checkboxes, e.g: [X]

  • I have read and understood the contributors guide, as well as this entire template.
  • I have made only one major change in my proposed changes.
  • I have commented my proposed changes within the code.
  • I have tested my proposed changes, and have included unit tests where possible.
  • I am willing to help maintain this change if there are issues with it later.
  • I give this submission freely and claim no ownership.
  • It is compatible with the EUPL 1.2 license
  • I have squashed any insignificant commits. (git rebase)

Please make sure you Sign Off all commits. Pi-hole enforces the DCO.

What does this PR aim to accomplish?:

Ensure that when pihole-FTL is launched as user root (it will drop permissions as soon as this is possible), it drops down to pihole:pihole instead of the default nobody:nogroup.

This is necessary as pihole-FTL needs to be able to periodically create new files - namely the SQLite3 rollback journals - in /etc/pihole. As user nobody, however, cannot do this, the current way of handling this leads to a failure of our long-term database implementation.

How does this PR accomplish the above?:

Use appropriate dnsmasq options to instruct the code to not go to nobody:nogroup but rather pihole:pihole.

@DL6ER
Ensure that when pihole-FTL is launched as user root, it will drop pe…
45bf4b0 
…rmissions as soon as this is possible. We tell pihole-FTL to change UID/GID to pihole:pihole instead of the default nobody:nogroup. This default causes conflicts with our SQLite3 database. See that corresponding pull request for further details.

Signed-off-by: DL6ER <[email protected]>
@DL6ER DL6ER added the Bug: fixed Contains a bug resolution label Aug 27, 2018
@DL6ER DL6ER added this to the 4.1 milestone Aug 27, 2018
@DL6ER DL6ER requested a review from a team August 27, 2018 15:15
@pralor-bot
Copy link

This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/ftldns-upgrade-failed-solved/12022/48

@AzureMarker AzureMarker mentioned this pull request Aug 29, 2018
Merged
5 tasks
@AzureMarker AzureMarker merged commit a9c6d79 into development Aug 29, 2018
@AzureMarker AzureMarker deleted the fix/pihole-FTL_owner_group branch August 29, 2018 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AzureMarker AzureMarker AzureMarker approved these changes

Assignees
No one assigned
Labels
Bug: fixed Contains a bug resolution
Projects
None yet
Milestone
4.1
Development

Successfully merging this pull request may close these issues.
3 participants
@DL6ER @pralor-bot @AzureMarker