Bug 259054 - dns/coredns: Create dedicated user
Status: Closed Not Accepted
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Yuri Victorovich
URL: https://github.com/coredns/coredns/is...
Reported: 2021-10-10 21:40 UTC by Rob LA LAU
Modified: 2021-11-06 03:48 UTC
bugzilla: maintainer-feedback? (yuri)
Description Rob LA LAU 2021-10-10 21:40:16 UTC
CoreDNS currently runs as root. It would be better to create a dedicated user and group 'coredns' to run the daemon as.
Apart from the creation of the user and group, this would only require the addition of the -u flag to the /usr/sbin/daemon arguments in the rc-script.
Comment 1 Yuri Victorovich freebsd_committer freebsd_triage 2021-10-11 05:48:58 UTC
> Apart from the creation of the user and group, this would only require the addition of the -u flag to the /usr/sbin/daemon arguments in the rc-script.

With privileged ports (53 is a privileged port) this wouldn't work because the application wouldn't be able to listen on it after setuid.

I asked CoreDNS to implement setuid based on a command line argument.
Comment 2 Rob LA LAU 2021-10-11 06:16:15 UTC
Oops, hadn't thought of that.
Thanks.
Comment 3 Rob LA LAU 2021-11-05 23:29:36 UTC
Apparently, golang is not capable of setuid.
So let's just close this issue.
Comment 4 Yuri Victorovich freebsd_committer freebsd_triage 2021-11-05 23:51:32 UTC
For the record, I asked Golang to support setuid: https://github.com/golang/go/issues/49404
Comment 5 Yuri Victorovich freebsd_committer freebsd_triage 2021-11-06 03:48:47 UTC
Here is an example of how to do setuid from Golang: https://gist.github.com/BorePlusPlus/4f9b2b4cc687c05dbdfb#file-setuid-go-L14
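
The ordering this thread turns on (bind port 53 while still root, then switch to an unprivileged user), as an added Go example; it is not code from CoreDNS, the FreeBSD port, or the linked gist. The `idCalls` type, the `dropPrivileges` helper and the uid/gid 65534 are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net"
	"syscall"
)

// idCalls holds the credential syscalls so the ordering can be exercised without root.
type idCalls struct {
	setgroups func([]int) error
	setgid    func(int) error
	setuid    func(int) error
}

// dropPrivileges switches to uid/gid. Groups and gid are changed first, while
// the process is still root; after setuid it is no longer allowed to change them.
func dropPrivileges(c idCalls, uid, gid int) error {
	if uid == 0 || gid == 0 {
		return errors.New("refusing to drop to uid/gid 0")
	}
	if err := c.setgroups([]int{gid}); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	if err := c.setgid(gid); err != nil {
		return fmt.Errorf("setgid: %w", err)
	}
	if err := c.setuid(uid); err != nil {
		return fmt.Errorf("setuid: %w", err)
	}
	// The drop must be permanent: an attempt to regain root has to fail.
	if c.setuid(0) == nil {
		return errors.New("was able to regain uid 0 after drop")
	}
	return nil
}

func main() {
	// Bind the privileged port first; 65534 is a constructed placeholder id.
	conn, err := net.ListenPacket("udp", ":53")
	if err != nil {
		log.Fatal(err)
	}
	real := idCalls{syscall.Setgroups, syscall.Setgid, syscall.Setuid}
	if err := dropPrivileges(real, 65534, 65534); err != nil {
		log.Fatal(err)
	}
	log.Printf("listening on %s as uid %d", conn.LocalAddr(), syscall.Getuid())
}
```

The socket opened before the drop stays usable afterwards, because the port check happens at bind time.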