[dnsdist] dnsdist 1.5.1 on Debian 10.8: snmpd socket and privileges
Aleš Rygl
ales at rygl.net
Tue Feb 23 15:35:48 UTC 2021
Hello,
I am struggling a bit on dnsdist after upgrade to from 1.4.0 to 1.5.1. I
am using Debian 10.8 and dnsdist with SNMP support enabled. It looks
like dnsdist systemd unit file forces dnsdist to drop privileges to
_dnsdist user and _dnsdist group in 1.5.1:
[Service]
ExecStartPre=/usr/bin/dnsdist --check-config
# Note: when editing the ExecStart command, keep --supervised and
--disable-syslog
ExecStart=/usr/bin/dnsdist --supervised --disable-syslog
User=_dnsdist
Group=_dnsdist
The issue is that with such options it can not reach snmpd socket any more:
Feb 23 15:19:14 rzt-dns-lb2 dnsdist[20011]: Warning: Failed to connect
to the agentx master agent (/var/agentx/master):
The permisions to the socket file (Debian default):
# ll /var
total 56
drwx------ 2 root root 4096 Sep 23 16:59 agentx
ll /var/agentx
total 0
srwxr-xr-x 1 root root 0 Feb 23 15:32 bmc
srwxr-xr-x 1 root root 0 Feb 23 16:01 master
# ll /var/agentx /var/agentx/master
srwxr-xr-x 1 root root 0 Feb 23 16:01 /var/agentx/master
My idea was that changing mode of agentx directory above to 755 could
help but it is not like that. I had to force dnsdist to run with root
privileges to make it work again.
What should be the correct setup to run dnsdist under _dnsdist account
again and SNMP enabled?
Many thanks
With regards
Ales
More information about the dnsdist
mailing list