dnsdist: create user from the RPM package to drop privs #3700

Merged
merged 2 commits into from Apr 19, 2016

Projects

None yet

3 participants

@pieterlexis
Member

And add a paragraph about this in the readme.

@rubenk rubenk commented on the diff Apr 15, 2016
build-scripts/build-dnsdist-rpm
@@ -115,6 +114,41 @@ install -d %{buildroot}/%{_sysconfdir}/dnsdist
${INIT_INSTALL}
${DEFAULTS_INSTALL}
+%pre
+getent group dnsdist >/dev/null || groupadd -r dnsdist
+getent passwd dnsdist >/dev/null || \
+ useradd -r -g dnsdist -d / -s /sbin/nologin \
+ -c "dnsdist user" dnsdist
+exit 0
+
+
+%post
+%if 0%{?el6}
@rubenk
rubenk Apr 15, 2016 Contributor

No biggie, I guess this will work too, but usually we use is %if 0%{?rhel} == 6

@pieterlexis
pieterlexis Apr 18, 2016 Member

I took this from the existing EPEL specfile, but can change this.

@rubenk
rubenk Apr 18, 2016 Contributor

Nah, it's fine.

@rubenk
Contributor
rubenk commented Apr 15, 2016

Please add Requires(pre): shadow-utils since you're using useradd

@rgacogne rgacogne merged commit 6ab7f9f into PowerDNS:master Apr 19, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
@pieterlexis pieterlexis deleted the pieterlexis:rpm-dnsdist-user branch Apr 19, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment