diff options
| author | Roy Marples <roy@marples.name> | 2020-04-05 16:44:32 +0100 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2020-04-05 16:44:32 +0100 |
| commit | fa54fc1687eebfed9ecef156359676eb0b404835 (patch) | |
| tree | a77acc4b902432d1da0f2617ecc6b78937127703 /configure | |
| parent | 0227431cc87758176d81b7e8f04331091f7b89a7 (diff) | |
| download | dhcpcd-fa54fc1687eebfed9ecef156359676eb0b404835.tar.xz | |
privsep: Detect a suitable user for dhcpcd, otherwise use dhcpcd
System users generally have _ preceeding their username.
Only use this user if it exists and their home dir is not /var/empty.
Otherwise default to using dhcpcd.
Diffstat (limited to 'configure')
| -rwxr-xr-x | configure | 22 |
1 files changed, 16 insertions, 6 deletions
@@ -556,16 +556,26 @@ fi if [ "$PRIVSEP" = yes ]; then echo "Enabling Privilege Separation" - # Try and work out a user + # Try and work out system user if [ -z "$PRIVSEP_USER" ]; then - for x in _dhcpcd _dhcp; do - if id "$x" 2>/dev/null >&2; then + printf "Detecting a suitable user for dhcpcd ... " + for x in _dhcpcd _dhcp dhcpcd; do + home=$(getent passwd $x 2>/dev/null | cut -d: -f6) + case "$home" in + /var/empty|"") ;; + *) PRIVSEP_USER="$x" - break - fi + break;; + esac done fi - : ${PRIVSEP_USER:=_dhcpcd} + if [ -n "$PRIVSEP_USER" ]; then + echo "$PRIVSEP_USER" + else + PRIVSEP_USER=dhcpcd + echo + echo "No suitable user found for Priviledge Separation!" + fi echo "CPPFLAGS+= -DPRIVSEP" >>$CONFIG_MK echo "#ifndef PRIVSEP_USER" >>$CONFIG_H |