Chown config file after writing (if root)

[DL6ER]

What does this implement/fix?

In case a user calls sudo pihole --config ..., the config will be owned by root and editing via the API (unprivileged user pihole) becomes impossible. This PR ensures the config file is chowned after writing if the FTL process is executed as root (UID == 0).

Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A

---

By submitting this pull request, I confirm the following:

1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
2. I have commented my proposed changes within the code.
3. I am willing to help maintain this change if there are issues with it later.
4. It is compatible with the EUPL 1.2 license
5. I have squashed any insignificant commits. (git rebase)

Checklist:

• The code change is tested and works locally.
• I based my code and PRs against the repositories developmental branch.
• I signed off all commits. Pi-hole enforces the DCO for all contributions
• I signed all my commits. Pi-hole requires signatures to verify authorship
• I have read the above and my PR is ready for review.

[yubiuser]

Usually FTL is started as root and drops privileges later. Could we add a check to also modify file permissions right at the FTL start so we could catch the situation where file permissions were changed outside of FTL (manually)

[DL6ER]

Usually FTL is started as root

As a fallback, yes, but "usually", no. I disagree.

• https://github.com/pi-hole/pi-hole/blob/6a45c6a8e027e1ac30d4556a88f31684bc80ccf1/advanced/Templates/pihole-FTL.systemd#L19
• https://github.com/pi-hole/pi-hole/blob/6a45c6a8e027e1ac30d4556a88f31684bc80ccf1/advanced/Templates/pihole-FTL.service#L41

In the docker world, it is started as always started as root but this is currently changing too (@PromoFaux is actively working on this).

As such, I'm not convinced such a chown-after-start will really ever be used.

[PromoFaux]

In the docker world, it is started as always started as root

Actually just to clarify on this, in the released images it is started as pihole (or whatever $DNSMASQ_USER is) it was only in calling pihole-FTL --config blah blah blah in the newer v6 that I realised this was an issue. The main FTL process was still being started as the pihole user

[PromoFaux]

The rotation/backup file may need to be included in this too?

test  | 2023-07-09 17:32:15.671 [229M] INFO: FTL user: pihole
test  | 2023-07-09 17:32:15.671 [229M] INFO: Compiled for linux/amd64 (compiled on CI) using cc (Alpine 12.2.1_git20220924-r10) 12.2.1 20220924
test  | 2023-07-09 17:32:15.672 [229M] WARNING: copy_file(): Failed to open "/etc/pihole/config_backups/pihole.toml.1" for writing: Permission denied
test  | 2023-07-09 17:32:15.672 [229M] WARNING: Rotation /etc/pihole/pihole.toml -(COPY)> /etc/pihole/config_backups/pihole.toml.1 failed
test  | 2023-07-09 17:32:15.672 [229M] INFO: Writing config file
test  | 2023-07-09 17:32:15.672 [229M] WARNING: copy_file(): Failed to open "/etc/pihole/config_backups/dnsmasq.conf.1" for writing: Permission denied
test  | 2023-07-09 17:32:15.672 [229M] WARNING: Rotation /etc/pihole/dnsmasq.conf -(COPY)> /etc/pihole/config_backups/dnsmasq.conf.1 failed
test  | 2023-07-09 17:32:15.672 [229M] WARNING: copy_file(): Failed to open "/etc/pihole/config_backups/custom.list.1" for writing: Permission denied
test  | 2023-07-09 17:32:15.672 [229M] WARNING: Rotation /etc/pihole/custom.list -(COPY)> /etc/pihole/config_backups/custom.list.1 failed
test  | 2023-07-09 17:32:15.672 [229M] ERR: Cannot open /etc/pihole/custom.list for writing, unable to update custom.list: Permission denied
test  | 2023-07-09 17:32:15.673 [229M] INFO: PID of FTL process: 229