FTLDNS/dnsmasq unknown user or group

I'm trying to set up a standalone DNSFTL binary in a Docker scratch container. I've copied the required libraries in and mounted the required configs. DNSFTL does load up, but I'm getting an error:

dnsmasq: unknown user or group: scus

My Docker file:

FROM alpine:latest
RUN adduser --disabled-password --no-create-home scus scus

FROM scratch
COPY pihole-FTL /
COPY . /
COPY --from=0 /etc/passwd /etc/passwd
COPY --from=0 /etc/group /etc/group
USER scus
ENTRYPOINT ["/pihole-FTL"]

My dnsmasq.conf:

port=5555
user=scus
group=scus

The passwd and group files are present in the container.
When I switch the image to Ubuntu or Debian FTLDNS loads up correctly.

I've narrowed down the dnsmasq code to this section in dnsmasq.c:

  if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
    baduser = daemon->username;
  else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
    baduser = daemon->groupname;

  if (baduser)
    die(_("unknown user or group: %s"), baduser, EC_BADCONF);

Only thing I can think of is whether the functions getpwnam and getgrnam aren't functioning correctly with the copied passwd and group files. I understand Docker base images to just contain files from the particular OS so it shouldn't affect system calls?

I've really no idea how I can sort this. I don't want to modify the code because I need to be able to reliably update the binary.

Would greatly appreciate any help on this. Thanks.

Why this option as opposed to a full Pi-hole install?

I have a Pihole container for each VLAN all using pretty much the same config, so I have to change each Pihole configuration whenever I make a change to one (and updates etc). Instead I'm looking to centrally manage this configuration (by means of a Pihole installation on the host) and then mount the relevant files to each FTLDNS container.

I'm using the scratch base to reduce the attack surface of each container, and to limit attacker operations if the FTLDNS process is successfully attacked.

I seem to have found the solution to this problem:

To try and debug the error, I took some sample code from the getpwnam(3) Linux manual page (man7.org) and ran it in an Alpine container (I was getting the same error in Alpine containers). The code gave me the error "no such file or directory". I searched and came across the Stack Overflow question "c - Checking username: getpwnam / getpwnam_r: No such file or directory", which corrected the error for me (both in the Alpine and scratch containers).

Hopefully this can help anyone experiencing the same issues!
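
A diagnostic in the spirit of the getpwnam(3) sample mentioned above, added here as an example (it is not code from the thread or from dnsmasq): it repeats the two lookups from the dnsmasq.c excerpt inside the container and reports errno, which the "unknown user or group" message discards. The function names are hypothetical, and the default name scus is taken from the post.

```c
/* Added diagnostic (not dnsmasq code): repeats the user=/group= lookups and
 * reports errno, which dnsmasq's "unknown user or group" message hides. */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum lookup { LOOKUP_FOUND, LOOKUP_MISSING, LOOKUP_ERRNO };

/* NULL with errno == 0 is a clean miss; NULL with errno set means the lookup
 * reported a reason (some libcs also set errno for a plain miss). */
static enum lookup classify(const void *entry, int err) {
    if (entry) return LOOKUP_FOUND;
    return err == 0 ? LOOKUP_MISSING : LOOKUP_ERRNO;
}

enum lookup lookup_user(const char *name, int *err) {
    errno = 0;                        /* must be cleared before the call */
    struct passwd *pw = getpwnam(name);
    *err = pw ? 0 : errno;
    return classify(pw, *err);
}

enum lookup lookup_group(const char *name, int *err) {
    errno = 0;
    struct group *gr = getgrnam(name);
    *err = gr ? 0 : errno;
    return classify(gr, *err);
}

static void report(const char *kind, const char *name, enum lookup r, int err) {
    static const char *text[] = { "found", "not found", "not found, errno set" };
    printf("%-5s %-8s %s%s%s\n", kind, name, text[r],
           err ? ": " : "", err ? strerror(err) : "");
}

int main(int argc, char **argv) {
    const char *user = argc > 1 ? argv[1] : "scus";   /* name from the post */
    const char *group = argc > 2 ? argv[2] : user;
    int uerr, gerr;
    /* The copied files must be readable by the account named in USER. */
    printf("/etc/passwd readable: %s\n", access("/etc/passwd", R_OK) ? "no" : "yes");
    printf("/etc/group readable:  %s\n", access("/etc/group", R_OK) ? "no" : "yes");
    enum lookup u = lookup_user(user, &uerr), g = lookup_group(group, &gerr);
    report("user", user, u, uerr);
    report("group", group, g, gerr);
    return (u == LOOKUP_FOUND && g == LOOKUP_FOUND) ? 0 : 1;
}
```

Build it against the same C library as the binary under test and run it in the target image; a non-zero exit status means at least one of the two names did not resolve.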
