diff --git a/files/CONTROL/control b/files/CONTROL/control index 91e66f1..70a7fa6 100644 --- a/files/CONTROL/control +++ b/files/CONTROL/control @@ -1,6 +1,6 @@ Package: pi-hole Version: -Depends: bash, cron, logrotate, curl, git-http, ca-bundle, bind-dig, bind-nslookup, iputils-ping, net-tools, net-tools-netstat, findutils, grep, sed, jq, libcap-bin, shadow-su, sudo, psmisc, procps-ng-pgrep, libncurses-dev, rev, lscpu, coreutils-cut, coreutils-expr, coreutils-id, coreutils-install, coreutils-mktemp, coreutils-nohup, coreutils-printf, coreutils-seq, coreutils-sha1sum, coreutils-sleep, coreutils-stat, coreutils-stty, coreutils-tee, coreutils-timeout, coreutils-tr, coreutils-tty, coreutils-whoami +Depends: bash, cron, logrotate, curl, git-http, ca-bundle, bind-dig, bind-nslookup, iputils-ping, net-tools, net-tools-netstat, findutils, grep, sed, jq, libcap-bin, sudo, psmisc, procps-ng-pgrep, libncurses-dev, rev, lscpu, coreutils-cut, coreutils-expr, coreutils-id, coreutils-install, coreutils-mktemp, coreutils-nohup, coreutils-printf, coreutils-seq, coreutils-sha1sum, coreutils-sleep, coreutils-stat, coreutils-stty, coreutils-tee, coreutils-timeout, coreutils-tr, coreutils-tty, coreutils-whoami Source: https://github.com/jacklul/entware-pi-hole License: EUPL-1.2 LicenseFiles: LICENSE diff --git a/files/opt/etc/init.d/S65pihole-FTL b/files/opt/etc/init.d/S65pihole-FTL index d7a2464..893c33e 100644 --- a/files/opt/etc/init.d/S65pihole-FTL +++ b/files/opt/etc/init.d/S65pihole-FTL @@ -15,26 +15,35 @@ case $1 in # Attempt to start using setcap and su or as 'pihole' user if [ -z "$ARGS" ] && [ -z "$PREARGS" ]; then ROOT_USER="$(id -nu 0 2> /dev/null)" + ROOT_GROUP="$(id -ng 0 2> /dev/null)" + + if [ -n "$ROOT_USER" ] && [ -n "$ROOT_GROUP" ]; then # if this is empty then this can indicate absence of 'id' command + ARGS="-- -u $ROOT_USER -g $ROOT_GROUP" # workaround "[dnsmasq] unknown user or group: root" error + + # Update permissions of /dev/shm + if [ "$(stat -c "%a" /dev/shm)" != "1777" ]; then + if ! chmod 1777 /dev/shm; then + echo "Warning: Failed to update permissions of /dev/shm" >&2 + fi + fi - if [ -n "$ROOT_USER" ]; then # if this is empty then this can indicate absence of 'id' command if [ -n "$(id -u pihole 2> /dev/null)" ]; then + # attempt to start the intended way if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/opt/bin/pihole-FTL"; then - PREARGS="su -s sh -c" - ARGS="pihole" + #ARGS="-- -u pihole -g pihole" + PREARGS="sudo -u pihole" fi - if [ -z "$ARGS" ]; then # setcap not supported - start as root user but then change to pihole - ARGS="-- -u pihole" - echo "Warning: Starting pihole-FTL as '$ROOT_USER' (then dropping to 'pihole') because setting capabilities is not supported on this system" + if [ -z "$PREARGS" ]; then # setcap not supported + echo "Warning: Starting pihole-FTL as '$ROOT_USER' (then dropping to 'pihole') because setting capabilities is not supported on this system" >&2 fi else # start as root user - ROOT_GROUP="$(id -ng 0 2> /dev/null)" - - ARGS="-- -u $ROOT_USER" - echo "Warning: Starting pihole-FTL as '$ROOT_USER' because 'pihole' user does not exist" + echo "Warning: Starting pihole-FTL as '$ROOT_USER' because 'pihole' user does not exist" >&2 chown -R "$ROOT_USER":"$ROOT_GROUP" /opt/etc/pihole /opt/var/log/pihole fi + else + echo "Warning: Unable to determine root user" >&2 fi fi