gaenserich / hostsblock

an ad- and malware-blocking script for Linux
https://github.com/gaenserich/hostsblock

dnsmasq daemon has no access to hostsblock's new dir #70

Closed tukoz closed 6 years ago

tukoz commented 7 years ago

On Arch Linux, hostsblock v0.999.4-1.

  1. hostsblock configuration

/var/lib/hostsblock/hostsblock.conf

# Example 1: dnsmasq under systemd
postprocess() {
    sudo /usr/bin/systemctl reload dnsmasq.service
}

  2. Permission for hostsblock & dnsmasq process

$ ls -ld /var/lib/hostsblock/
drwxr-x--- 3 hostsblock hostsblock 4096 juil. 28 12:26 /var/lib/hostsblock/

$ ls -l /var/lib/hostsblock/
total 26924
drwxr-xr-x 2 hostsblock hostsblock     4096 juil. 28 00:00 cache/
-rw-r----- 1 hostsblock hostsblock      154 juil. 27 23:57 black.list
-rw-r--r-- 1 hostsblock hostsblock 22374066 juil. 28 00:00 hosts.block
-rw-r--r-- 1 hostsblock hostsblock     1360 juil. 27 23:41 hosts.head
-rw-r----- 1 hostsblock hostsblock     9646 juil. 27 23:59 hostsblock.conf
-rw-r--r-- 1 hostsblock hostsblock  5163435 juil. 28 00:00 hostsblock.db.gz
-rw-r----- 1 hostsblock hostsblock     3381 juil. 27 23:56 white.list

/etc/group
hostsblock:x:1013:hostsblock,dnsmasq

$ ll -d /var/lib/hostsblock
drwxr-x--- 3 hostsblock 4,0K juil. 28 12:26 /var/lib/hostsblock/

  3. restart dnsmasq daemon

    # systemctl restart dnsmasq && systemctl status dnsmasq
    ...
    juil. 28 12:29:02 HOST dnsmasq[2486]: failed to load names from /var/lib/hostsblock/hosts.block: Permission denied

Looks like I missed something. Note I haven't removed /etc/hostsblock dir yet.

gaenserich commented 7 years ago

Sounds like the user dnsmasq needs to be reloaded. Turn off dnsmasq, wait a couple seconds, and then turn dnsmasq back on. There's a PAM command somewhere that can do this too, but at the moment I can't find it (would be a nice addition to the install script).

tukoz commented 7 years ago

Thanks gaenserich, but actually dnsmasq keeps failing to load names from /var/lib/hostsblock/hosts.block whether I turn it off & on again, or restart my box.

gaenserich commented 7 years ago

Hmm... now that is a puzzler. I'm assuming that your permissions remain the same after reboot. Maybe /var/lib has a permission issue (should be chmod 755). It doesn't look like you are using ACLs or MAC (à la SELinux).

As a workaround, you could change hosts.block to world-readable, e.g. add the following line to hostsblock.conf:

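postprocess() {
    # Make the generated block list world-readable so dnsmasq can load it
    chmod 644 "$HOME/hosts.block"
    # Ask dnsmasq to re-read its hosts files
    sudo systemctl reload dnsmasq.service
}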

And make sure that /var/lib/hostsblock (and its parent directories) are world readable and executable (the latter allows contents to be seen).

polymeter commented 7 years ago

Hi, I have the same problem (using v0.999.6-3 on Arch), but your workaround seems to do the trick for me:

# systemctl status dnsmasq.service
...
Aug 16 20:18:52 xyz dnsmasq[1801]: read /var/lib/hostsblock/hosts.block - 665838 addresses

Still, I don't really understand why it did not work before. The file permissions are correct, and I can execute e.g. sudo -u dnsmasq tail /var/lib/hostsblock/hosts.block without problems. Also, sudo dnsmasq --no-daemon works fine, i.e. running as root without dropping privileges. But manually calling sudo dnsmasq -k -u dnsmasq (essentially what the systemd unit does) leads to "no permission" again.

Anyway, this does not seem to be a problem with hostsblock itself, right? Maybe we should check with the dnsmasq people. I'm currently using dnsmasq 2.77, how about you?

YodaEmbedding commented 6 years ago

Oddly enough, my /var/lib/hostsblock was at 750. Changed it to 755. dnsmasq can now access.

Running Arch. Installed hostsblock AUR package.
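An added diagnostic sketch (not code from this thread or from hostsblock): it walks every component of the path with an explicit set of process credentials, so the 750 versus 755 difference on /var/lib/hostsblock, and the dependence on whether gid 1013 is actually among the process's supplementary groups, can be checked directly. The uid 990 used for dnsmasq in the checks and uid 1013 for hostsblock are assumed values; gid 1013 comes from the /etc/group line above.

```python
import os

def read_proc_creds(pid):
    """Return (euid, egid, supplementary gids) of a live process (Linux /proc)."""
    fields = {}
    with open(f"/proc/{pid}/status") as fh:
        for line in fh:
            key, _, value = line.partition(":")
            fields[key] = value.split()
    # Uid/Gid hold real, effective, saved, fs ids; index 1 is the effective id.
    groups = {int(g) for g in fields.get("Groups", [])}
    return int(fields["Uid"][1]), int(fields["Gid"][1]), groups

def stat_chain(path):
    """Return [(path, mode, uid, gid)] for each ancestor directory and the file."""
    parts, chain = os.path.abspath(path).strip("/").split("/"), []
    for i in range(len(parts) + 1):
        p = "/" + "/".join(parts[:i])
        st = os.stat(p)
        chain.append((p, st.st_mode, st.st_uid, st.st_gid))
    return chain

def first_denied(chain, uid, gid, groups=frozenset()):
    """Return the first component these credentials cannot use, else None.
    Directories need search (x), the final entry needs read (r). ACLs and
    capabilities are ignored, so uid 0 is not special-cased here."""
    for i, (path, mode, o_uid, o_gid) in enumerate(chain):
        # The kernel picks exactly one class: owner, else group, else other.
        if uid == o_uid:
            bits = (mode >> 6) & 7
        elif o_gid == gid or o_gid in groups:
            bits = (mode >> 3) & 7
        else:
            bits = mode & 7
        need = 4 if i == len(chain) - 1 else 1
        if not bits & need:
            return path
    return None

def sample_chain(dir_mode):
    """Constructed data modelled on the listing above; uid 1013 is assumed."""
    return [("/", 0o755, 0, 0), ("/var", 0o755, 0, 0), ("/var/lib", 0o755, 0, 0),
            ("/var/lib/hostsblock", dir_mode, 1013, 1013),
            ("/var/lib/hostsblock/hosts.block", 0o644, 1013, 1013)]
```

On a live system, `first_denied(stat_chain("/var/lib/hostsblock/hosts.block"), *read_proc_creds(pid))` runs the same check against the credentials the daemon process really holds.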

gaenserich commented 6 years ago

Hopefully fixed in 1a272e22638661f0f527310937189383a75bd2d1