unbound: Switch to non-privileged user

Until now unbound was always running as root by default. A DNS resolver can easily run under a non-privileged user. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
2025-12-23 16:44:31 +04:00 · 2016-06-10 22:46:28 +02:00
parent 28945ea398
commit 414eaacd90
3 changed files with 9 additions and 9 deletions
--- a/net/unbound/files/unbound.init
+++ b/net/unbound/files/unbound.init
@@ -6,6 +6,12 @@ START=61
 USE_PROCD=1

 start_service() {
+	find /etc/unbound \! \( -user unbound -group unbound \) \
+		-exec chown unbound:unbound {} \;
+
+	find /etc/unbound \( -perm +027 -o \! -perm -600 \) \
+		-exec chmod u=rwX,g=rX,o= {} \;
+
 	procd_open_instance
 	procd_set_param command /usr/sbin/unbound
 	procd_append_param command -d # don't daemonize