Leases file question

Glenn Satchell glenn.satchell at uniq.com.au
Thu Aug 19 10:28:56 UTC 2010


> On 08/18/2010 03:02 PM, Gene LeDuc wrote:
>> I have a cgi script that needs to read the dhcpd.leases file. Apache
>> (and the cgi script) run as user apache, while dhcpd is running as root.
>> I changed the ownership of the leases file to root.apache and set
>> group read permissions so the script can read it. It seems that when
>> dhcpd does housekeeping, the leases file ends up root.root and my script
>> can't read it. This is v3.0.5 running on RHEL 5.
>>
>> Is there a way to do any of the following:
>> 1. Get dhcpd to maintain the group ownership and permissions
>> 2. Get dhcpd to signal that it has created a new leases file so I can
>> change the ownership and permissions back to what I need
>> 3. Have dhcpd do the leases housekeeping on a predictable schedule
>>
>> Thanks,
>> Gene


Here's the line from server/db.c that creates the new lease file. It's 
done with a mask of 0664.

     db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664);

So to create with default write permissions set the umask to 0750 before 
starting dhcpd. You could do this in /etc/init.d/dhcpd.

To change the group permissions set the group sticky bit on the 
directory where the file is created. This is a tricky technique that 
says new files should be created with specific group ownership...

     chgrp apache /var/lib/dhcpd
     chmod g+s /var/lib/dhcpd

Fix the ownership on the current file.

     chgrp apache /var/lib/dhcpd/dhcpd.leases*
     chmod g+r /var/lib/dhcpd/dhcpd.leases

Restart dhcpd. When dhcpd rotates the leases file the new leases file 
should have the right permissions and ownership.

BTW on my Solaris systems dhcpd.leases has permission 644, so anyone can 
read it.

-- 
regards,
-glenn
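
The interaction between the 0664 mode, the umask and the setgid directory discussed in this message, as an added example that is not part of the original post or of dhcpd's source: it creates a file with the same open() call inside a setgid scratch directory and reports the resulting permission bits and whether the directory's group was inherited. The function name and the scratch directory (a constructed stand-in for /var/lib/dhcpd) are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* for mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a file with the open() call quoted above (mode 0664) under the
 * given umask, inside a fresh setgid scratch directory. Returns the file's
 * permission bits, or -1 on error. If same_group is non-NULL it is set to 1
 * when the file's group equals the directory's group. */
int lease_mode_under_umask(mode_t mask, int *same_group)
{
    char dir[] = "/tmp/leasedemoXXXXXX";   /* constructed scratch path */
    char path[64];
    struct stat ds, fs;
    mode_t old;
    int fd, result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    /* Equivalent of "chmod g+s": new files take the directory's group. */
    if (chmod(dir, 02770) != 0 || stat(dir, &ds) != 0)
        goto out;
    snprintf(path, sizeof path, "%s/dhcpd.leases.new", dir);
    old = umask(mask);
    fd = open(path, O_WRONLY | O_TRUNC | O_CREAT, 0664);
    umask(old);                            /* restore the caller's umask */
    if (fd < 0)
        goto out;
    if (fstat(fd, &fs) == 0) {
        result = (int)(fs.st_mode & 07777);   /* 0664 & ~mask */
        if (same_group)
            *same_group = (fs.st_gid == ds.st_gid);
    }
    close(fd);
    unlink(path);
out:
    rmdir(dir);
    return result;
}

int main(void)
{
    mode_t masks[] = { 0002, 0022, 0027, 0750 };
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("umask %04o -> mode %04o\n", (unsigned)masks[i],
               (unsigned)lease_mode_under_umask(masks[i], NULL));
    return 0;
}
```
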


