dhcpcd-discuss

On 03/04/2020 16:44, Tim Tassonis wrote:
> Hi Roy
>
> On 4/2/20 2:30 PM, Roy Marples wrote:
> > with the following changes:
> >
> >   * Privilege Separation
> >   * Linux default hostname is (none), everyone is is a blank string
> >   * Leases are now dumped over the control socket - you get RA's now as well.
> >   * Better support for many IPv6 routers
> >   * NetBSD: RTM_MISS filtering
> >   * RA: Deprecate stale addresses by setting pltime 0
> >   * DHCP6: Deprecate stale addresses by setting pltime 0
> >
> > ftp://roy.marples.name/pub/dhcpcd/dhcpcd-9.0.0.tar.xz
> > http://roy.marples.name/downloads/dhcpcd/dhcpcd-9.0.0.tar.xz
> >
> > Privilege Separation support has taken about 6 months to become stable
> > enough for production use. It's been working fine since December 2019,
> > but there turned out to be more corner cases than I initially considered.
> > If any dhcpcd feature you use it not working with this, please please let
> > me know and I'll address it ASAP.
>
> I build and installed dhcpcd 9.0.0 om linux as follows:
>
> ./configure --libexecdir=/lib/dhcpcd \
>              --dbdir=/var/lib/dhcpcd \
>              --privsepuser=dhcpcd
>
>
> I then created the user dhcpcd as follows:
>
>
> install -v -m700 -d /var/lib/dhcpcd
>
>
> groupadd -g 52 dhcpcd
> useradd -c 'dhcpcd PrivSep' -d /var/lib/dhcpcd -g dhcpcd -s /bin/false -u 52 dhcpcd
>
> chown dhcpcd /var/lib/dhcpcd
> chgrp dhcpcd /var/lib/dhcpcd
>
>
> It seems to run fine, I get the following files and processes. Does that look 
> alright?
>
>
> root@lgl23t:/var/lib/dhcpcd# ls -l
> total 24
> drwxr-xr-x  13 root root 2960 Apr  3 17:12 dev
> -rw-r--r--   1 root root   42 Apr  1 10:47 duid
> -rw-r--r--   1 root root  314 Apr  3 17:10 enp0s3.lease
> drwxr-xr-x   2 root root 4096 Apr  3 17:12 etc
> dr-xr-xr-x 120 root root    0 Apr  3 17:12 proc
> drwxr-xr-x   3 root root 4096 Apr  3 17:12 run
> -r--------   1 root root  192 Apr  1 10:47 secret
> dr-xr-xr-x  12 root root    0 Apr  3 17:12 sys
> drwxr-xr-x   3 root root 4096 Apr  3 17:12 var

The dbdir is relative to the chroot - look in /var/lib/dhcpcd/var/lib/dhcpcd
You could remove any files you see in there from /var/lib/dhcpcd

> root@lgl23t:/var/lib/dhcpcd# ps -ef |grep dhcp
> dhcpcd    2010     1  0 17:12 ?        00:00:00 /sbin/dhcpcd enp0s3 -b -q
> root      2011  2010  0 17:12 ?        00:00:00 /sbin/dhcpcd enp0s3 -b -q
> dhcpcd    2012  2010  0 17:12 ?        00:00:00 /sbin/dhcpcd enp0s3 -b -q
> dhcpcd    2160  2011  0 17:12 ?        00:00:00 /sbin/dhcpcd enp0s3 -b -q
> dhcpcd    2357  2011  0 17:12 ?        00:00:00 /sbin/dhcpcd enp0s3 -b -q
> dhcpcd    2560  2011  0 17:12 ?        00:00:00 /sbin/dhcpcd enp0s3 -b -q
> root      2660  2627  0 17:18 pts/0    00:00:00 grep dhcp

Looks fine!
Hard to tell because your linux does not allow changing the process command 
reported by ps.

You will get less processes by running in master mode - ie removing the enp0s3 
argument from the command line.
If you really need to limit which interfaces dhcpcd runs on then do it in 
/etc/dhcpcd.conf and just start it for all.
I use bridges, taps, gif's and vpns on my router and dhcpcd leaves them alone by 
default.

> root@lgl23t:/var/lib/dhcpcd# ls -l /var/run/dhcpcd/
> total 4
> -rw-r--r-- 1 root root  5 Apr  3 17:12 enp0s3.pid
> srw-rw---- 1 root root  0 Apr  3 17:12 enp0s3.sock
> drwxr-xr-x 4 root root 80 Apr  3 17:12 hook-state
>
> root@lgl23t:/var/lib/dhcpcd# ls -l /var/run/dhcpcd/hook-state/
> total 0
> drwxr-xr-x 2 root root 40 Apr  3 17:12 ntp.conf
> drwxr-xr-x 2 root root 60 Apr  3 17:12 resolv.conf

Looks fine.

Roy