From 932c76fa740acb0d68a46b78e2bc0eafd5fe13d6 Mon Sep 17 00:00:00 2001
From: "Daniel F. Dickinson"
Date: Fri, 26 Jul 2019 23:47:01 -0400
Subject: [PATCH] p910nd: Run as non-root by default
We add the necessary Makefile, hotplug, config, and init bits so that p910nd daemon runs as user:group p910nd:lp by default. This eliminates an unnecessary root daemon. The hotplug script sets the permissions of the USB lp device(s) to read-write owner and group and no access to anyone else, and sets owner root, group lp. This is allows sufficient privileges to p910nd to do it's job.
Signed-off-by: Daniel F. Dickinson
---
 net/p910nd/Makefile | 5 ++++-
 net/p910nd/files/p910nd.config | 2 ++
 net/p910nd/files/p910nd.hotplug | 13 +++++++++++++
 net/p910nd/files/p910nd.init | 5 ++++-
 4 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 net/p910nd/files/p910nd.hotplug
diff --git a/net/p910nd/Makefile b/net/p910nd/Makefile
index 12b4e86374..cfe4ea7d91 100644
--- a/net/p910nd/Makefile
+++ b/net/p910nd/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=p910nd
 PKG_VERSION:=0.97
-PKG_RELEASE:=7
+PKG_RELEASE:=8
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=@SF/p910nd
@@ -28,6 +28,7 @@ define Package/p910nd
 SUBMENU:=Printing
 TITLE:=A small non-spooling printer server
 URL:=http://p910nd.sourceforge.net
+ USERID:=p910nd=393:lp=7
 endef
 define Package/p910nd/conffiles
@@ -54,6 +55,8 @@ define Package/p910nd/install
 $(INSTALL_DATA) ./files/p910nd.config $(1)/etc/config/p910nd
 $(INSTALL_DIR) $(1)/etc/init.d
 $(INSTALL_BIN) ./files/p910nd.init $(1)/etc/init.d/p910nd
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/usbmisc
+ $(INSTALL_BIN) ./files/p910nd.hotplug $(1)/etc/hotplug.d/usbmisc/20-p910nd
 endef
 $(eval $(call BuildPackage,p910nd))
diff --git a/net/p910nd/files/p910nd.config b/net/p910nd/files/p910nd.config
index b8257b77c9..5446192c76 100644
--- a/net/p910nd/files/p910nd.config
+++ b/net/p910nd/files/p910nd.config
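Review bot: The `USERID:=p910nd=393:lp=7` line hard-codes uid 393 and gid 7 with no record of where those numbers come from. If another package in the same image were assigned the same uid, the two daemons would share an identity and each other's file access, so it is worth confirming 393 is unallocated and saying so next to the package definition, e.g. `# service account: user p910nd (uid 393), primary group lp (gid 7)` on the line above `define Package/p910nd`. The define block starts outside the hunk.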
@@ -5,6 +5,8 @@ config p910nd
 option port 0
 option bidirectional 1
 option enabled 0
+ # Override running as user p910nd, group lp
+ option runas_root 0
 # mDNS support - see Bonjour Printing Specification for details concerning the values
 # Be aware that you can only advertise one printer on this host via mDNS
diff --git a/net/p910nd/files/p910nd.hotplug b/net/p910nd/files/p910nd.hotplug
new file mode 100644
index 0000000000..0c2291efaf
--- /dev/null
+++ b/net/p910nd/files/p910nd.hotplug
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+case "$ACTION" in
+ add)
+ [ -n "${DEVNAME}" ] && [ "${DEVNAME##usb/lp*}" = "" ] && {
+ chmod 660 /dev/"$DEVNAME"
+ chgrp lp /dev/"$DEVNAME"
+ }
+ ;;
+ remove)
+ # device is gone
+ ;;
+esac
diff --git a/net/p910nd/files/p910nd.init b/net/p910nd/files/p910nd.init
index 479b8410fe..0eadebd65e 100644
--- a/net/p910nd/files/p910nd.init
+++ b/net/p910nd/files/p910nd.init
@@ -28,7 +28,7 @@ start_service() {
 start_p910nd() {
- local section="$1"
+ local section="$1" runas_root
 config_get_bool "enabled" "$section" "enabled" '1'
 if [ "$enabled" -gt 0 ]; then
 args="-d "
@@ -42,6 +42,9 @@ start_p910nd() {
 procd_set_param command /usr/sbin/p910nd $args
 procd_set_param respawn
+ config_get_bool runas_root "$section" runas_root 0
+ [ "$runas_root" -ne 1 ] && procd_set_param user p910nd
+
 config_get_bool "mdns" "$section" "mdns" '0'
 config_get mdns_note "$section" mdns_note
 config_get mdns_ty "$section" mdns_ty
-- 
2.30.2
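Review bot: The comment above `option runas_root 0` does not say which value does what; "Override running as user p910nd, group lp" sitting over a `0` reads as though 0 were the override. Since this switch decides whether the daemon keeps root privileges, the comment should spell out the direction, e.g. `# Set to 1 to run as root instead of the default user p910nd, group lp`.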
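Review bot: In the `add)` branch, `chmod 660` runs before `chgrp lp`, so group read-write is granted to whatever group the node had at creation, and a failed `chgrp` leaves it that way. Reversing and chaining the two, `chgrp lp /dev/"$DEVNAME" && chmod 660 /dev/"$DEVNAME"`, opens group access only once the group is lp. The commit description also says the owner is set to root, but nothing here calls `chown`, so the owner stays whatever it was when the node appeared; either add the `chown root` or adjust the description.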
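Review bot: The added `procd_set_param user p910nd` names only the user, so the group the daemon ends up with depends on the p910nd account having lp as its primary group, which the `USERID` entry in the Makefile is presumably meant to provide. A comment would make that dependency visible, e.g. `# group lp comes from the p910nd account's primary group (USERID in the package Makefile)`. It is also not visible from this hunk what happens when the p910nd account does not exist on the system; it is worth confirming the service then fails to start rather than running as root. start_p910nd begins and ends outside the hunk.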