[dnsdist] dnsdist 1.5.1 on Debian 10.8: snmpd socket and privileges
Remi Gacogne
remi.gacogne at powerdns.com
Tue Feb 23 15:49:07 UTC 2021
Hi Aleš,
On 2/23/21 4:35 PM, Aleš Rygl via dnsdist wrote:
> My idea was that changing mode of agentx directory above to 755 could
> help but it is not like that. I had to force dnsdist to run with root
> privileges to make it work again.
>
> What should be the correct setup to run dnsdist under _dnsdist account
> again and SNMP enabled?
I _think_ you should be able to change the permissions on the directory
once, and it should stay that way, but you probably also need to set the
permissions on the socket itself. The documentation [1] states that you
can do that in snmpd.conf, and our own CI actually does:
agentxperms 0700 0755
Which should set the socket permissions to 0700 and the directory
permissions to 0755. So if the socket is owned by _dnsdist, I think that
should work:
agentxperms 0700 0755 _dnsdist _dnsdist
[1]: https://dnsdist.org/advanced/snmp.html
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
More information about the dnsdist
mailing list