[Dnsmasq-discuss] Reload configuration file

Simon Kelley simon@thekelleys.org.uk
Thu, 04 Nov 2004 16:44:10 +0000


mbraak@quinfox.com wrote:
> Hi list,
> 
> Is there a way to reload the configuration file without killing and
> restarting the dnsmasq process?
> The -HUP signal only reloads the /etc/hosts.conf and /etc/resolv.conf
> 
> Marcel
> 

There's no way to do that: the reason is that dnsmasq starts as root, 
does all the things that need root permissions (like opening sockets on 
privileged ports and opening the DHCP lease file) and then permanently 
changes its identity from root to nobody.

It does this as a security feature: even if an attacker gets control of 
the dnsmasq process, they can do far less harm as "nobody" than as "root".

Since changes to the configuration file could involve some root-only 
operations, there's no way for a running dnsmasq process to process it.
It cannot regain its root privileges (there would be no security 
advantage if it could). The only way to re-read the config file is to 
start a new dnsmasq process, running as root. Then it can re-do the 
"root" only stuff.

Cheers,

Simon.
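
The start-as-root, then drop-for-good sequence described in this message, as an added C example that is not part of the original post and is not dnsmasq's own code. The helper names, the lookup of the `nobody` account and the port numbers 53 and 67 are assumptions chosen for illustration.

```c
/* Added example, not dnsmasq source: root-only setup first, then a permanent drop. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE                 /* exposes setgroups() on glibc */
#endif
#include <arpa/inet.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Try to bind a UDP socket to 127.0.0.1:port; returns the fd or -1. */
int bind_udp(unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Permanently become uid/gid. Returns 0 only if root cannot be regained. */
int drop_root_permanently(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Order matters: groups and gid need root, so the uid goes last. */
        if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
            return -1;
    }
    /* setuid() as root resets real, effective and saved IDs, so this must fail. */
    if (setuid(0) == 0 || geteuid() == 0)
        return -1;
    return 0;
}

int main(void)
{
    int fd = bind_udp(53);                  /* root-only step, done before the drop */
    struct passwd *pw = getpwnam("nobody"); /* assumed unprivileged account */
    if (!pw || drop_root_permanently(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "could not drop privileges, refusing to run\n");
        return 1;
    }
    printf("port 53 socket opened before the drop: %s\n", fd >= 0 ? "kept" : "none");
    printf("new bind to port 67 after the drop: %s\n",
           bind_udp(67) >= 0 ? "allowed" : "refused");
    return 0;
}
```

Run as root, the socket opened before the drop stays usable while the later bind is normally refused, which is the situation a re-read configuration file asking for a new privileged port would hit.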