#!/usr/bin/env sh ### BEGIN INIT INFO # Provides: pihole-FTL # Required-Start: $remote_fs $syslog $network # Required-Stop: $remote_fs $syslog $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: pihole-FTL daemon # Description: Enable service provided by pihole-FTL daemon ### END INIT INFO # Global variables FTLCONFFILE="/etc/pihole/pihole-FTL.conf" DEFAULT_PID_FILE="/run/pihole-FTL.pid" DEFAULT_PORT_FILE="/run/pihole-FTL.port" FTL_PID='' # Get the file path of the pihole-FTL.pid file getFTLPIDFile() { if [ -s "${FTLCONFFILE}" ]; then # if PIDFILE is not set in pihole-FTL.conf, use the default path FTL_PID_FILE="$({ grep '^PIDFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PID_FILE}"; } | cut -d'=' -f2-)" else # if there is no pihole-FTL.conf, use the default path FTL_PID_FILE="${DEFAULT_PID_FILE}" fi } # Get the PID of the FTL process based on the content of the pihole-FTL.pid file getFTLPID() { if [ -s "${FTL_PID_FILE}" ]; then # -s: FILE exists and has a size greater than zero FTL_PID="$(cat "${FTL_PID_FILE}")" # Exploit prevention: unset the variable if there is malicious content # Verify that the value read from the file is numeric expr "${FTL_PID}" : "[^[:digit:]]" > /dev/null && unset FTL_PID fi # If FTL is not running, or the PID file contains malicious stuff, substitute # negative PID to signal this FTL_PID=${FTL_PID:=-1} } # Get the file path of the pihole-FTL.port file getFTLPortFile() { if [ -s "${FTLCONFFILE}" ]; then # if PORTFILE is not set in pihole-FTL.conf, use the default path FTL_PORT_FILE="$({ grep '^PORTFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PORT_FILE}"; } | cut -d'=' -f2-)" else # if there is no pihole-FTL.conf, use the default path FTL_PORT_FILE="${DEFAULT_PORT_FILE}" fi } is_running() { if [ -d "/proc/${FTL_PID}" ]; then return 0 fi return 1 } # Start the service start() { if is_running; then echo "pihole-FTL is already running" else # Touch files to ensure they exist (create if non-existing, preserve if existing) mkdir -pm 0755 /run/pihole mkdir -pm 0755 /var/log/pihole [ ! -f "${FTL_PID_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}" [ ! -f "${FTL_PORT_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}" [ ! -f /var/log/pihole/pihole-FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole-FTL.log [ ! -f /var/log/pihole/pihole.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases # Ensure that permissions are set so that pihole-FTL can edit all necessary files chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist chmod -f 0664 /etc/pihole/pihole-FTL.db # Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/ # Should be removed with Pi-hole v6.0 if [ ! -f /var/log/pihole.log ]; then ln -s /var/log/pihole/pihole.log /var/log/pihole.log chown pihole:pihole /var/log/pihole.log chmod -f 0644 /var/log/pihole.log fi if [ ! -f /var/log/pihole-FTL.log ]; then ln -s /var/log/pihole/pihole-FTL.log /var/log/pihole-FTL.log chown pihole:pihole /var/log/pihole-FTL.log chmod -f 0644 /var/log/pihole-FTL.log fi if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole else echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system" /usr/bin/pihole-FTL fi echo fi } # Stop the service stop() { if is_running; then kill "${FTL_PID}" for i in 1 2 3 4 5; do if ! is_running; then break fi printf "." sleep 1 done echo if is_running; then echo "Not stopped; may still be shutting down or shutdown may have failed, killing now" kill -9 "${FTL_PID}" else echo "Stopped" fi else echo "Not running" fi # Cleanup rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}" "${FTL_PORT_FILE}" echo } # Indicate the service status status() { if is_running; then echo "[ ok ] pihole-FTL is running" exit 0 else echo "[ ] pihole-FTL is not running" exit 1 fi } ### main logic ### # Get file paths getFTLPIDFile getFTLPortFile # Get FTL's current PID getFTLPID case "$1" in stop) stop ;; status) status ;; start|restart|reload|condrestart) stop start ;; *) echo "Usage: $0 {start|stop|restart|reload|status}" exit 1 esac exit 0