Leases file question
Glenn Satchell
glenn.satchell at uniq.com.au
Thu Aug 19 10:28:56 UTC 2010
> On 08/18/2010 03:02 PM, Gene LeDuc wrote:
>> I have a cgi script that needs to read the dhcpd.leases file. Apache
>> (and the cgi script) run as user apache, while dhcpd is running as root.
>> I changed the ownership of the leases file to root.apache and set
>> group read permissions so the script can read it. It seems that when
>> dhcpd does housekeeping, the leases file ends up root.root and my script
>> can't read it. This is v3.0.5 running on RHEL 5.
>>
>> Is there a way to do any of the following:
>> 1. Get dhcpd to maintain the group ownership and permissions
>> 2. Get dhcpd to signal that it is has created a new leases file so I can
>> change the ownership and permissions back to what I need
>> 3. Have dhcpd do the leases housekeeping on a predictable schedule
>>
>> Thanks,
>> Gene
Here's the line from server/db.c that creates the new lease file. It's
done with a mask of 0664.
db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664);
So to create with default write permissions set the umask to 0750 before
starting dhcpd. You could do this in /etc/init.d/dhcpd.
To change the group permissions set the group sticky bit on the
directory where the file is created. This is a tricky technique that
says new files should be created with specific group ownership...
chgrp apache /var/lib/dhcpd
chmod g+s /var/lib/dhcpd
Fix the ownership on the current file.
chgrp apache /var/lib/dhcpd/dhcpd.leases*
chmod g+r /var/lib/dhcpd.leases
Restart dhcpd. When dhcpd rotates the leases file the new leases file
should have the right permissions and ownership.
BTW on my Solaris systems dhcpd.leases has permision 644, so anyone can
read it.
--
regards,
-glenn
More information about the dhcp-users
mailing list