[dnsdist] dnsdist 1.5.1 on Debian 10.8: snmpd socket and privileges

Mark Moseley moseleymark at gmail.com
Tue Feb 23 19:29:55 UTC 2021


On Tue, Feb 23, 2021 at 7:49 AM Remi Gacogne via dnsdist <
dnsdist at mailman.powerdns.com> wrote:

> Hi Aleš,
>
> On 2/23/21 4:35 PM, Aleš Rygl via dnsdist wrote:
> > My idea was that changing mode of agentx directory above to 755 could
> > help but it is not like that. I had to force dnsdist to run with root
> > privileges to make it work again.
> >
> > What should be the correct setup to run dnsdist under _dnsdist account
> > again and SNMP enabled?
>
> I _think_ you should be able to change the permissions on the directory
> once, and it should stay that way, but you probably also need to set the
> permissions on the socket itself. The documentation [1] states that you
> can do that in snmpd.conf, and our own CI actually does:
>
> agentxperms 0700 0755
>
> Which should set the socket permissions to 0700 and the directory
> permissions to 0755. So if the socket is owned by _dnsdist, I think that
> should work:
>
> agentxperms 0700 0755 _dnsdist _dnsdist
>
>
Or if you need to play nice with other things on the system (maybe other
subagents are running):

agentxperms 0770 0770 root agentxusers

and create a Unix group called 'agentxusers' with _dnsdist in it (and then
you can add other users requiring subagent access to that group).
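
An added example, not part of the original post or of the dnsdist or Net-SNMP code: a small model of the Unix permission check that decides whether a subagent account can reach the AgentX socket under each `agentxperms` line from this thread. It assumes the Linux rule that connecting needs search (x) permission on the socket's directory and write (w) permission on the socket, ignores ACLs and parent directories, and treats `root:root` as the owner when the directive names none; all function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Node:
    mode: int   # permission bits, e.g. 0o770
    owner: str
    group: str

def parse_agentxperms(line, default_owner="root", default_group="root"):
    """Parse 'agentxperms SOCKPERMS DIRPERMS [USER [GROUP]]' -> (directory, socket).

    The defaults are an assumption: they stand for whoever owns the socket
    when the directive names no user or group.
    """
    fields = line.split()
    if len(fields) < 3 or fields[0] != "agentxperms":
        raise ValueError("expected: agentxperms SOCKPERMS DIRPERMS [USER [GROUP]]")
    sock_mode, dir_mode = int(fields[1], 8), int(fields[2], 8)
    owner = fields[3] if len(fields) > 3 else default_owner
    group = fields[4] if len(fields) > 4 else default_group
    return Node(dir_mode, owner, group), Node(sock_mode, owner, group)

def effective_bits(node, user, groups):
    """Return the rwx triplet (0-7) that applies to `user` on `node`."""
    if user == node.owner:
        return (node.mode >> 6) & 7
    if node.group in groups:
        return (node.mode >> 3) & 7
    return node.mode & 7

def connect_problems(line, user, groups):
    """List the reasons `user` cannot connect; an empty list means access works."""
    directory, sock = parse_agentxperms(line)
    problems = []
    if not effective_bits(directory, user, groups) & 0o1:
        problems.append("directory: no search (x) permission")
    if not effective_bits(sock, user, groups) & 0o2:
        problems.append("socket: no write (w) permission")
    return problems

if __name__ == "__main__":
    # Constructed cases built from the directives quoted in the thread.
    for line, groups in [
        ("agentxperms 0700 0755", {"_dnsdist"}),
        ("agentxperms 0700 0755 _dnsdist _dnsdist", {"_dnsdist"}),
        ("agentxperms 0770 0770 root agentxusers", {"_dnsdist", "agentxusers"}),
    ]:
        print(line, "->", connect_problems(line, "_dnsdist", groups) or "ok")
```

The group-based line only works once `_dnsdist` is actually a member of `agentxusers`; without that membership both checks fail, because the "other" bits of `0770` are empty.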