Ensure Debian SysV users get set{g,u}id

diff --git a/builder-support/debian/recursor/debian-buster/rules b/builder-support/debian/recursor/debian-buster/rules
index b6495990d8c41c17af6a5becb568334505c21033..c8a82683b90b903c786a6225a0869db2c69fbce7 100755 (executable)
--- a/builder-support/debian/recursor/debian-buster/rules
+++ b/builder-support/debian/recursor/debian-buster/rules
@@ -44,6 +44,8 @@ override_dh_auto_install:
                -e 's!# config-dir=.*!config-dir=/etc/powerdns!' \
                -e 's!# local-address=.*!local-address=127.0.0.1!' \
                -e 's!# quiet=.*!quiet=yes!' \
+               -e 's!# setgid=.*!setgid=pdns!' \
+               -e 's!# setuid=.*!setuid=pdns!' \
                -e 's!# hint-file=.*!&\nhint-file=/usr/share/dns/root.hints!' \
                > debian/pdns-recursor/etc/powerdns/recursor.conf
 

diff --git a/builder-support/debian/recursor/debian-jessie/rules b/builder-support/debian/recursor/debian-jessie/rules
index 18583724c96fa733f4c6623e4067d01ae9bab90a..20d715d51a20fa043a677bbcf119772d0424c74a 100755 (executable)
--- a/builder-support/debian/recursor/debian-jessie/rules
+++ b/builder-support/debian/recursor/debian-jessie/rules
@@ -44,6 +44,8 @@ override_dh_auto_install:
                -e 's!# config-dir=.*!config-dir=/etc/powerdns!' \
                -e 's!# local-address=.*!local-address=127.0.0.1!' \
                -e 's!# quiet=.*!quiet=yes!' \
+               -e 's!# setgid=.*!setgid=pdns!' \
+               -e 's!# setuid=.*!setuid=pdns!' \
                -e 's!# hint-file=.*!&\nhint-file=/usr/share/dns/root.hints!' \
                > debian/tmp/etc/powerdns/recursor.conf
 

diff --git a/builder-support/debian/recursor/debian-stretch/rules b/builder-support/debian/recursor/debian-stretch/rules
index b6495990d8c41c17af6a5becb568334505c21033..c8a82683b90b903c786a6225a0869db2c69fbce7 100755 (executable)
--- a/builder-support/debian/recursor/debian-stretch/rules
+++ b/builder-support/debian/recursor/debian-stretch/rules
@@ -44,6 +44,8 @@ override_dh_auto_install:
                -e 's!# config-dir=.*!config-dir=/etc/powerdns!' \
                -e 's!# local-address=.*!local-address=127.0.0.1!' \
                -e 's!# quiet=.*!quiet=yes!' \
+               -e 's!# setgid=.*!setgid=pdns!' \
+               -e 's!# setuid=.*!setuid=pdns!' \
                -e 's!# hint-file=.*!&\nhint-file=/usr/share/dns/root.hints!' \
                > debian/pdns-recursor/etc/powerdns/recursor.conf
 

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 03e7c05236ca75c87f958d31ee4fe226b10a6c45..3135f1d6f65bec4ad5de558d70d3b114de1ef4c1 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -4424,8 +4424,17 @@ int main(int argc, char **argv)
     ::arg().set("log-timestamp","Print timestamps in log lines, useful to disable when running with a tool that timestamps stdout already")="yes";
     ::arg().set("log-common-errors","If we should log rather common errors")="no";
     ::arg().set("chroot","switch to chroot jail")="";
-    ::arg().set("setgid","If set, change group id to this gid for more security")="";
-    ::arg().set("setuid","If set, change user id to this uid for more security")="";
+    ::arg().set("setgid","If set, change group id to this gid for more security"
+#ifdef HAVE_SYSTEMD
+#define SYSTEMD_SETID_MSG ". When running inside systemd, use the User and Group settings in the unit-file!"
+        SYSTEMD_SETID_MSG
+#endif
+        )="";
+    ::arg().set("setuid","If set, change user id to this uid for more security"
+#ifdef HAVE_SYSTEMD
+        SYSTEMD_SETID_MSG
+#endif
+        )="";
     ::arg().set("network-timeout", "Wait this number of milliseconds for network i/o")="1500";
     ::arg().set("threads", "Launch this number of threads")="2";
     ::arg().set("distributor-threads", "Launch this number of distributor threads, distributing queries to other threads")="0";