dnsmasq: run as dedicated UID/GID

[openwrt/staging/stintel.git] / package / network / services / dnsmasq / files / dnsmasq.init

diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 61ded6a53a8dd9e6d6b2608dba62245474c3e63a..7f90b8fa3e2744d9cb685671b67057e221006ff0 100644 (file)
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -218,6 +218,8 @@ dnsmasq() {
        mkdir -p /tmp/hosts /tmp/dnsmasq.d
        xappend "--addn-hosts=/tmp/hosts"
        xappend "--conf-dir=/tmp/dnsmasq.d"
+       xappend "--user=dnsmasq"
+       xappend "--group=dnsmasq"
 
        echo >> $CONFIGFILE
 
@@ -316,6 +318,9 @@ dhcp_host_add() {
        config_get networkid "$cfg" networkid
        [ -n "$networkid" ] && dhcp_option_add "$cfg" "$networkid" "$force"
 
+       config_get_bool enable "$cfg" enable 1
+       [ "$enable" = "0" ] && return 0
+
        config_get name "$cfg" name
        config_get ip "$cfg" ip
        [ -n "$ip" -o -n "$name" ] || return 0
@@ -589,7 +594,7 @@ start_service() {
 
        if [ ! -f "$TIMESTAMPFILE" ]; then
                touch "$TIMESTAMPFILE"
-               chown nobody.nogroup "$TIMESTAMPFILE"
+               chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
        fi
 
        echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE