Re: [Dnsmasq-discuss] Starting as non-root just works

2019-05-16 Thread Geert Stappers
On Tue, May 14, 2019 at 11:32:50AM +0200, Kristoffel Pirard wrote:
> On Mon, May 13, 2019 at 11:35 PM Geert Stappers wrote:
> > On Mon, May 13, 2019 at 12:51:09PM +0200, Kristoffel Pirard wrote:
> > > On Mon, 13 May 2019, 12:36 Geert Stappers wrote:
> > > > On 13-05-2019 11:02, Roy Marples wrote:
>

Re: [Dnsmasq-discuss] Starting as non-root just works

2019-05-14 Thread Kristoffel Pirard
Hi Geert, That is terribly helpful. Thanks a lot! Although 'the whole world is not Linux', your explanation "Dnsmasq listens on ports 53, 67 and 69. That requires root privilege; Avoiding to run dnsmasq as root can be done with net capabilities" seems a terrific candidate to go in the man page :

Re: [Dnsmasq-discuss] Starting as non-root just works

2019-05-13 Thread Geert Stappers
On Mon, May 13, 2019 at 12:51:09PM +0200, Kristoffel Pirard wrote:
> On Mon, 13 May 2019, 12:36 Geert Stappers wrote:
> > On 13-05-2019 11:02, Roy Marples wrote:
> > > On 13/05/2019 09:31, Kristoffel Pirard wrote:
> > >> The dnsmasq man page for the --user parameter says that "Dnsmasq must
> > >> _

Re: [Dnsmasq-discuss] Starting as non-root

2019-05-13 Thread Kristoffel Pirard
So I should interpret it as 'unless you have a really good reason and you know what you're doing'? (Which I answer 'no' to twice)
On Mon, 13 May 2019, 12:36 Geert Stappers, wrote:
>
> On 13-05-2019 11:02, Roy Marples wrote:
> > On 13/05/2019 09:31, Kristoffel Pirard wrote:
> >> The dnsmasq man

Re: [Dnsmasq-discuss] Starting as non-root

2019-05-13 Thread Geert Stappers
On 13-05-2019 11:02, Roy Marples wrote:
> On 13/05/2019 09:31, Kristoffel Pirard wrote:
>> The dnsmasq man page for the --user parameter says that "Dnsmasq must
>> _normally_ be started as root". We tested starting as non-root user,
>> but with capabilities cap_net_bind_service, cap_net_admin,
>>

Re: [Dnsmasq-discuss] Starting as non-root

2019-05-13 Thread Roy Marples
On 13/05/2019 09:31, Kristoffel Pirard wrote: The dnsmasq man page for the --user parameter says that "Dnsmasq must _normally_ be started as root".  We tested starting as non-root user, but with capabilities cap_net_bind_service, cap_net_admin, cap_net_raw. It currently seems to work, but I'm

[Dnsmasq-discuss] Starting as non-root

2019-05-13 Thread Kristoffel Pirard
Hi there, The dnsmasq man page for the --user parameter says that "Dnsmasq must _normally_ be started as root". We tested starting as non-root user, but with capabilities cap_net_bind_service, cap_net_admin, cap_net_raw. It currently seems to work, but I'm debating if we should actually use this