Provided by: resolvconf-admin_0.3-1build1_amd64 bug

NAME
       resolvconf-admin - a setuid program for setting up DNS resolution


SYNOPSIS
       resolvconf-admin add NETIF [-s SEARCH] [-d DOMAIN] NAMESERVER [...]

       resolvconf-admin del NETIF


DESCRIPTION
       This  setuid  program  allows specific non-privileged users to invoke /sbin/resolvconf (if it is present)
       with a constrained argument to add or remove DNS resolvers; or, if /sbin/resolvconf is not executable, it
       can replace /etc/resolv.conf.

       This is useful, for example, for running a DHCP client as a non-privileged user.

       When the non-privileged user wants to set up the  DNS  resolvers  due  to  information  it  learned  from
       interface NETIF, it should invoke:

              resolvconf-admin add NETIF [-s SEARCH] [-d DOMAIN] NAMESERVER [...]

       Note that DNS search path and domain name are optional.  However, at least one nameserver is required.

       When  the  non-privileged user wants to tear down the DNS resolver information that it had previously set
       for interface NETIF, it should invoke:

              resolvconf-admin del NETIF


WARNING
       A better (non-suid) approach for setting up the DNS in a non-privileged way is to make  an  authenticated
       IPC  call  to  some  running  daemon  that  already manages the local DNS resolution configuration (e.g.,
       systemd-resolved(8)).  However, some systems do not run such a daemon, so we offer this  setuid  approach
       instead, for those limited systems only.

       This  setuid  program  should  not  be installed on systems that already run such a daemon, because every
       setuid program increases the attack surface of the operating system.

       DO NOT INSTALL THIS TOOL IF YOU HAVE BETTER OPTIONS AVAILABLE TO YOU!


INTERLEAVED OPERATION WITHOUT RESOLVCONF(8)
       On a system where resolvconf(8) is not installed, the behavior  is  not  very  sophisticated.   On  these
       systems:

       • The   first   time  resolvconf-admin  add  is  invoked,  the  old  /etc/resolv.conf  is  backed  up  to
         /etc/resolv.conf.bak.resolvconf-admin.

       • The first time resolvconf-admin del is invoked, the backed up file is restored.

       If multiple daemons (or a single daemon monitoring multiple sources of DNS resolver information)  invokes
       resolvconf-admin  in  an interleaved fashion (e.g. two adds before a del), this will almost certainly not
       be the behavior that you want.  If your system is likely to have this kind of interleaved  operation,  it
       should also have resolvconf(8) installed.


SEE ALSO
       resolvconf(8), resolv.conf(5), systemd-resolved(8)


AUTHORS
       Daniel Kahn Gillmor dkg@fifthhorseman.net

                                                 2017 September                              RESOLVCONF-ADMIN(1)