Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

provide uid/gid settings in config file #2763

Closed
openwrtledediy opened this issue Feb 26, 2021 · 11 comments
Closed

provide uid/gid settings in config file #2763

openwrtledediy opened this issue Feb 26, 2021 · 11 comments
Assignees
@ainar-g
Labels
feature request P3: Medium
Milestone
v0.107.0

Comments

@openwrtledediy
Copy link

Hi, dear developpers
I would assume current gid value of adguardhome on openwrt is gid=0.
Could you make an option or change the default gid to a new one, so the iptables can operate based on the gid?
Thanks.
@openwrtledediy
Copy link
Author

openwrtledediy commented Feb 26, 2021
edited
Loading

This was discussed 5 years ago, but for dnsmasq.
FYI
https://openwrt-devel.openwrt.narkive.com/sazTnNOJ/patch-rfc-dnsmasq-run-as-dedicated-uid-gid

For example, I would like to forward most traffice to a VPN connection, but leave DNS traffic excluded.(return gid=xxxx aka adguadhome in iptables)

@ameshkov
Copy link
Member

Well, we don't maintain an openwrt package. If you're using one, I guess you need to address this question to it's author.

@openwrtledediy
Copy link
Author

openwrtledediy commented Mar 1, 2021
edited
Loading

ok then.
Maybe add gid/uid setting in configuration files like dnsmasq? At lease provide an option for this situation.
Thanks.

#If you want dnsmasq to change uid and gid to something other than the default, edit the following lines.
#user=
#group=

in

https://thekelleys.org.uk/dnsmasq/docs/dnsmasq.conf.example

@openwrtledediy openwrtledediy changed the title Add gid option in openwrt packages provide uid/gid settings in config file Mar 1, 2021
@ameshkov
Copy link
Member

ameshkov commented Mar 1, 2021

It seems dnsmasq itself decides under which user it works, AGH is different, it does not do this and it will work under the same user that started the process. So you just need to edit the openwrt service file and make sure it is started under the user you need.

@ainar-g
Copy link
Contributor

ainar-g commented Mar 1, 2021

Just fyi, Go only started properly supporting setuid and setgid on Linux in Go 1.16, to which we plan to switch in the v0.107 cycle. So we won't really be able to do anything with those syscalls until that milestone.

@openwrtledediy
Copy link
Author

Just fyi, Go only started properly supporting setuid and setgid on Linux in Go 1.16, to which we plan to switch in the v0.107 cycle. So we won't really be able to do anything with those syscalls until that milestone.

Thanks for your information.
Would you add this function via config file or even better (with drop down list read from /etc/passwd)?

@ainar-g
Copy link
Contributor

ainar-g commented Mar 1, 2021

The details are currently unclear, sorry. We'll need to take care of the current and the next cycle first.

@openwrtledediy
Copy link
Author

openwrtledediy commented Mar 2, 2021
edited
Loading

The details are currently unclear, sorry. We'll need to take care of the current and the next cycle first.

Sure, just take it in mind, it's not critical to the current build. I'm happy what adguardhome can do now.
Thank you adguardhome team.

@ameshkov
Copy link
Member

ameshkov commented Mar 2, 2021

@ainar-g will you transform this issue into enhancement or a feature request then?

@ainar-g ainar-g self-assigned this Mar 2, 2021
@ainar-g ainar-g added this to the v0.107.0 milestone Mar 2, 2021
adguard pushed a commit that referenced this issue Jun 4, 2021
@ainar-g
Pull request: all: support setgid, setuid on unix
48c44c2 
Updates #2763.

Squashed commit of the following:

commit bd2077c
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Jun 4 16:25:17 2021 +0300

    all: move rlimit_nofile, imp docs

commit ba95d4a
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Jun 4 15:12:23 2021 +0300

    all: support setgid, setuid on unix
@ainar-g
Copy link
Contributor

ainar-g commented Jun 4, 2021
edited
Loading

This is implemented as of snapshot 48c44c2. Can you please check if our solution works for you?

@ainar-g
Copy link
Contributor

ainar-g commented Jun 11, 2021

We'll close this issue for now. Please file new ones if you encounter any issues. Thanks.

@ainar-g ainar-g closed this as completed Jun 11, 2021
@ainar-g ainar-g mentioned this issue Nov 25, 2021
Closed
heyxkhoa pushed a commit to heyxkhoa/AdGuardHome that referenced this issue Mar 20, 2023
@ainar-g @heyxkhoa
Pull request: all: support setgid, setuid on unix
a66db4b 
Updates AdguardTeam#2763.

Squashed commit of the following:

commit bd2077c
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Jun 4 16:25:17 2021 +0300

    all: move rlimit_nofile, imp docs

commit ba95d4a
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Jun 4 15:12:23 2021 +0300

    all: support setgid, setuid on unix
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ainar-g ainar-g

Labels
feature request P3: Medium
Projects
None yet
Milestone
v0.107.0
Development

No branches or pull requests
3 participants
@ainar-g @ameshkov @openwrtledediy