Leases file question

Gene LeDuc gleduc at mail.sdsu.edu
Thu Aug 19 15:39:46 UTC 2010


On 8/19/2010 3:28 AM, Glenn Satchell wrote:
>
>> On 08/18/2010 03:02 PM, Gene LeDuc wrote:
>>> I have a cgi script that needs to read the dhcpd.leases file. Apache
>>> (and the cgi script) run as user apache, while dhcpd is running as root.
>>> I changed the ownership of the leases file to root.apache and set
>>> group read permissions so the script can read it. It seems that when
>>> dhcpd does housekeeping, the leases file ends up root.root and my script
>>> can't read it. This is v3.0.5 running on RHEL 5.
>>>
>>> Is there a way to do any of the following:
>>> 1. Get dhcpd to maintain the group ownership and permissions
>>> 2. Get dhcpd to signal that it has created a new leases file so I can
>>> change the ownership and permissions back to what I need
>>> 3. Have dhcpd do the leases housekeeping on a predictable schedule
>>>
>>> Thanks,
>>> Gene
>
>
> Here's the line from server/db.c that creates the new lease file. It's
> done with a mask of 0664.
>
> db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664);
>
> So to create with default write permissions set the umask to 0750 before
> starting dhcpd. You could do this in /etc/init.d/dhcpd.
>
> To change the group permissions set the group sticky bit on the
> directory where the file is created. This is a tricky technique that
> says new files should be created with specific group ownership...
>
> chgrp apache /var/lib/dhcpd
> chmod g+s /var/lib/dhcpd
>
> Fix the ownership on the current file.
>
> chgrp apache /var/lib/dhcpd/dhcpd.leases*
> chmod g+r /var/lib/dhcpd/dhcpd.leases
>
> Restart dhcpd. When dhcpd rotates the leases file the new leases file
> should have the right permissions and ownership.
>
> BTW on my Solaris systems dhcpd.leases has permission 644, so anyone can
> read it.
>

Thanks Glenn, setting the group sticky bit did the trick.

On our old Solaris box, the lease permissions are also 644 so this 
wasn't an issue.  But the RH box set them to 640 and broke our script. 
It's working now, though.

Gene
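
Added example, not part of the original thread and not ISC's code: a small C program that repeats the quoted `open(..., 0664)` call under two umask values and reports the resulting mode and group of the new file. The helper name, the scratch path under /tmp, and the umask values 022 and 027 are assumptions; those two values were picked because they produce the 644 and 640 modes mentioned in the thread.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create "dhcpd.leases" in a private scratch directory
 * with the open() flags and 0664 mode quoted from server/db.c, under the
 * given umask. Returns the file's permission bits, or -1 on error.
 * *same_group is set to 1 when the file's group equals the directory's. */
int lease_mode_under_umask(mode_t mask, int setgid_dir, int *same_group)
{
    char dir[64], path[96];
    struct stat fs, ds;
    int result = -1;

    /* Constructed scratch path; mkdir() fails if the name already exists. */
    snprintf(dir, sizeof dir, "/tmp/leasedemo.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    /* Same effect as "chmod g+s" on the leases directory. */
    if (setgid_dir && chmod(dir, 02750) != 0) {
        rmdir(dir);
        return -1;
    }
    snprintf(path, sizeof path, "%s/dhcpd.leases", dir);
    mode_t old = umask(mask);               /* what the init script would set */
    int fd = open(path, O_WRONLY | O_TRUNC | O_CREAT, 0664);
    umask(old);
    if (fd >= 0) {
        if (fstat(fd, &fs) == 0 && stat(dir, &ds) == 0) {
            result = (int)(fs.st_mode & 0777);
            *same_group = (fs.st_gid == ds.st_gid);
        }
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    int same = 0;
    printf("umask 022 -> %04o\n", lease_mode_under_umask(022, 0, &same));
    printf("umask 027 -> %04o\n", lease_mode_under_umask(027, 1, &same));
    printf("group follows directory: %s\n", same ? "yes" : "no");
    return 0;
}
```

The scratch directory keeps the caller's own group, so the group comparison only confirms that the new file matches its directory; reproducing the thread's apache group requires a directory that has already been chgrp'd by a user permitted to do so.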