added modifications to run eq3configd under a dedicated user and group

(this refs #599).
jens-maus · Sep 25, 2023 · c3e9ee6 · c3e9ee6
1 parent 03bc331
commit c3e9ee6
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/buildroot-external/package/eq3configd/S50eq3configd b/buildroot-external/package/eq3configd/S50eq3configd
@@ -21,9 +21,12 @@ init () {
     cp /var/ids /etc/config/
   fi
 
+  # make sure crypttool.cfg exists and has secure permissions
   if [[ ! -e /etc/config/crypttool.cfg ]] ; then
     touch /etc/config/crypttool.cfg
   fi
+  chmod 0640 /etc/config/crypttool.cfg
+  chgrp eq3cfg /etc/config/crypttool.cfg
 }
 
 start() {
@@ -34,7 +37,7 @@ start() {
   # to ensure that others are killed first in case of low memory situations
   echo -900 >/proc/$$/oom_score_adj 2> /dev/null
 
-  start-stop-daemon -S -q -b -m -p ${PIDFILE} --exec /bin/${DAEMON}
+  start-stop-daemon -S -q -b -m -c eq3cfg:eq3cfg -p ${PIDFILE} --exec /bin/${DAEMON}
   echo "OK"
 }
 stop() {

diff --git a/buildroot-external/package/eq3configd/eq3configd.mk b/buildroot-external/package/eq3configd/eq3configd.mk
@@ -13,4 +13,8 @@ define EQ3CONFIGD_INSTALL_INIT_SYSV
 		$(TARGET_DIR)/etc/init.d/S50eq3configd
 endef
 
+define EQ3CONFIGD_USERS
+	eq3cfg -1 eq3cfg -1 * - - - eq3configd user
+endef
+
 $(eval $(generic-package))