On Tue, May 14, 2019 at 11:32:50AM +0200, Kristoffel Pirard wrote:
> On Mon, May 13, 2019 at 11:35 PM Geert Stappers wrote:
> > On Mon, May 13, 2019 at 12:51:09PM +0200, Kristoffel Pirard wrote:
> > > On Mon, 13 May 2019, 12:36 Geert Stappers wrote:
> > > > On 13-05-2019 11:02, Roy Marples wrote:
>
Hi Geert,
That is terribly helpful. Thanks a lot!
Although 'the whole world is not Linux', your explanation "Dnsmasq listens
on ports 53, 67 and 69. That requires
root privilege; Avoiding to run dnsmasq as root can be done with net
capabilities" seems a terrific candidate to go in the man page :
On Mon, May 13, 2019 at 12:51:09PM +0200, Kristoffel Pirard wrote:
> On Mon, 13 May 2019, 12:36 Geert Stappers wrote:
> > On 13-05-2019 11:02, Roy Marples wrote:
> > > On 13/05/2019 09:31, Kristoffel Pirard wrote:
> > >> The dnsmasq man page for the --user parameter says that "Dnsmasq must
> > >> _
So I should interpret it as 'unless you have a really good reason and you
know what you're doing'? (Which I answer 'no' to twice)
On Mon, 13 May 2019, 12:36 Geert Stappers, wrote:
>
> On 13-05-2019 11:02, Roy Marples wrote:
> > On 13/05/2019 09:31, Kristoffel Pirard wrote:
> >> The dnsmasq man
On 13-05-2019 11:02, Roy Marples wrote:
> On 13/05/2019 09:31, Kristoffel Pirard wrote:
>> The dnsmasq man page for the --user parameter says that "Dnsmasq must
>> _normally_ be started as root". We tested starting as non-root user,
>> but with capabilities cap_net_bind_service, cap_net_admin,
>>
On 13/05/2019 09:31, Kristoffel Pirard wrote:
The dnsmasq man page for the --user parameter says that "Dnsmasq must
_normally_ be started as root". We tested starting as non-root user,
but with capabilities cap_net_bind_service, cap_net_admin, cap_net_raw.
It currently seems to work, but I'm
Hi there,
The dnsmasq man page for the --user parameter says that "Dnsmasq must
_normally_ be started as root". We tested starting as non-root user, but
with capabilities cap_net_bind_service, cap_net_admin, cap_net_raw. It
currently seems to work, but I'm debating if we should actually use this