On 4/3/20 7:18 PM, Bruce Dubbs via blfs-dev wrote:
On 4/3/20 2:56 AM, Tim Tassonis via blfs-dev wrote:
Hi all
I'm about to give the new dhcpcd 9.0.0 a go, which has quite an
important change: it does privilege separation now.
This means that an unprivileged user has to be created and that user
needs to have access to /var/lib/dhcpcd
I thought of doing something similar to openssh:
install -v -m700 -d /var/lib/dhcpcd
groupadd -g 50 dhcpcd &&
useradd -c 'dhcpcd PrivSep' \
-d /var/lib/dhcpcd \
-g dhcpcd \
-s /bin/false \
-u 50 dhcpcd
chown dhcpcd:dhcpcd /var/lib/dhcpcd
Now, the question is: what uid and gid shall I use? 50 as above is
taken by openssh, so what number shall we reserve for dhcpcd?
Use 52. Also be sure to update "About System Users and Groups".
Thanks, I did. Tests went well so far. There is however another
necessary change: the pid file changed from /var/run/dhcpcd-$if.pid to
/var/run/dhcpcd/$if.pid.
This needs to be changed in blfs-bootscripts. It's only two lines in
/lib/services/dhcpcd, but it would maybe be a good idea to have the
bootscript support both versions.
I could do this change, but maybe you'd like to do it yourself?
Bye
Tim
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
