changeset 5137:bca739d216a7 draft

privsep: Detect a suitable user for dhcpcd, otherwise use dhcpcd

System users generally have _ preceding their username. Only use this user if it exists and their home dir is not /var/empty. Otherwise default to using dhcpcd.
author Roy Marples <roy@marples.name>
date Sun, 05 Apr 2020 16:44:32 +0100
parents 0fea55d03199
children 34391161e606
files configure
diffstat 1 files changed, 16 insertions(+), 6 deletions(-) [+]
--- a/configure	Sun Apr 05 15:52:50 2020 +0100
+++ b/configure	Sun Apr 05 16:44:32 2020 +0100
@@ -556,16 +556,26 @@
 if [ "$PRIVSEP" = yes ]; then
 	echo "Enabling Privilege Separation"
 
-	# Try and work out a user
+	# Try and work out system user
 	if [ -z "$PRIVSEP_USER" ]; then
-		for x in _dhcpcd _dhcp; do
-			if id "$x" 2>/dev/null >&2; then
+		printf "Detecting a suitable user for dhcpcd ... "
+		for x in _dhcpcd _dhcp dhcpcd; do
+			home=$(getent passwd $x 2>/dev/null | cut -d: -f6)
+			case "$home" in
+			/var/empty|"") ;;
+			*)
 				PRIVSEP_USER="$x"
-				break
-			fi
+				break;;
+			esac
 		done
 	fi
-	: ${PRIVSEP_USER:=_dhcpcd}
+	if [ -n "$PRIVSEP_USER" ]; then
+		echo "$PRIVSEP_USER"
+	else
+		PRIVSEP_USER=dhcpcd
+		echo
+		echo "No suitable user found for Priviledge Separation!"
+	fi
 
 	echo "CPPFLAGS+=	-DPRIVSEP" >>$CONFIG_MK
 	echo "#ifndef PRIVSEP_USER" >>$CONFIG_H
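Review bot: The `else` branch near the end of the hunk sets `PRIVSEP_USER=dhcpcd` even though the loop has just rejected `dhcpcd` as missing or as having an empty or `/var/empty` home, and configure then carries on with only a message on stdout, so a privsep build can be written out for an account already known to be unsuitable. The warning should at least go to stderr and say what to do, e.g. `echo "No suitable user found for Privilege Separation; create the dhcpcd user or set one explicitly" >&2`, which also corrects the "Priviledge" spelling. Because of `2>/dev/null`, a host without `getent` looks the same as a host without the user, so every candidate is skipped there; the old `id "$x"` test could be kept as a fallback for that case. `echo "$PRIVSEP_USER"` also runs when the value was preset, printing a bare name with no "Detecting ..." prefix, and a preset value gets no home-directory check at all. The `if [ "$PRIVSEP" = yes ]` block continues past the end of the hunk.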