Hello!
Can you help me resolve a problem with dnscrypt-proxy permissions?
I edited *.toml: uncommented logs and added a blacklist file.
When dnscrypt-proxy starts (systemctl start dnscrypt-proxy) it creates a /dnscrypt-proxy symlink and a /private directory.
lrwxrwxrwx 1 root root dnscrypt-proxy -> private/dnscrypt-proxy
drwx------ 3 root root private/
I can explore the /private dir and logs only as the root user (or after sudo su), but I cannot cd into the /private dir as any other user with sudo.
How can I fix it?
And is root:root ownership really important for the "blocked-names.txt" file to be added when dnscrypt-proxy starts?
Thank you.
I got some news. I asked the same question on the dnscrypt-proxy GitHub page:
https://github.com/DNSCrypt/dnscrypt-pr … sions/2234
And jedisct1 (Frank Denis, maintainer) answered:
>>When dnscrypt-proxy starts (systemctl start dnscrypt-proxy) it creates /dnscrypt-proxy symlink and /private directory.
Errr... what?
There's nothing in the dnscrypt-proxy code that does anything like it.
Since this is not part of this software, you'd better ask that package's maintainer, or on an Arch Linux forum.
As I understand it, the packager is David Runge.
What can I do in that case?
Last edited by Nick_Name (2022-11-08 20:07:33)
Do you mean /var/lib/dnscrypt-proxy and /var/lib/private/dnscrypt-proxy or maybe the same in /var/log? This is normal. The systemd service is run with a dynamic user, i.e. systemd allocates an unused userid for the service and gives it its own private state directory. There should be no reason to access those directories and if it should ever be necessary to troubleshoot, using root should be just fine.
https://man.archlinux.org/man/core/syst … SANDBOXING
If DynamicUser= is used, the logic for CacheDirectory=, LogsDirectory= and StateDirectory= is slightly altered: the directories are created below /var/cache/private, /var/log/private and /var/lib/private, respectively, which are host directories made inaccessible to unprivileged users, which ensures that access to these directories cannot be gained through dynamic user ID recycling. Symbolic links are created to hide this difference in behaviour. Both from perspective of the host and from inside the unit, the relevant directories hence always appear directly below /var/cache, /var/log and /var/lib.
dnscrypt-proxy should not write any log files; the logs are all stored in the systemd journal (journalctl).
Last edited by progandy (2022-11-08 20:33:42)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' | alias ENGLISH='LANG=C.UTF-8 ' |
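A check for the layout the quoted man page text describes, added here as an example that is not part of the thread or of the dnscrypt-proxy package: it confirms that the visible directory is a symlink to private/<name> and that the private parent is still drwx------, which is the property that protects against dynamic user ID recycling and is lost if someone loosens it to make the logs browsable. The function name, the script name check.sh and the default owner uid 0 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Checks one DynamicUser= directory:
#   $1 base (/var/log, /var/lib or /var/cache)   $2 directory name
#   $3 expected numeric owner of <base>/private (assumed default: 0, root)
# Returns 0 when the layout matches the quoted man page text, 1 otherwise.
check_dynamic_dir() {
    base=$1 name=$2 want_uid=${3:-0}
    priv="$base/private"
    rc=0

    # The visible path must be a symlink to private/<name>.
    if [ -L "$base/$name" ]; then
        target=$(readlink "$base/$name")
        if [ "$target" != "private/$name" ]; then
            echo "FAIL: $base/$name -> $target, expected private/$name"
            rc=1
        fi
    else
        echo "FAIL: $base/$name is not a symlink"
        rc=1
    fi

    # The parent must be a real directory, mode drwx------, owned by want_uid.
    if [ -d "$priv" ] && [ ! -L "$priv" ]; then
        mode=$(ls -ldn "$priv" | awk '{ print substr($1, 1, 10) }')
        uid=$(ls -ldn "$priv" | awk '{ print $3 }')
        if [ "$mode" != "drwx------" ]; then
            echo "FAIL: $priv has mode $mode, expected drwx------"
            rc=1
        fi
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL: $priv is owned by uid $uid, expected $want_uid"
            rc=1
        fi
    else
        echo "FAIL: $priv is not a directory"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $base/$name -> private/$name, $priv is private"
    return "$rc"
}

# Example: sh check.sh /var/log dnscrypt-proxy
if [ "$#" -ge 2 ]; then
    check_dynamic_dir "$@"
fi
```

The check only reads metadata of the symlink and of the private directory itself, so it does not need root.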
progandy
I mean the /var/log directory.
Thank you for your explanation!