Provided by: resolvconf-admin_0.3-1_amd64

NAME

       resolvconf-admin - a setuid program for setting up DNS resolution

SYNOPSIS

       resolvconf-admin add NETIF [-s SEARCH] [-d DOMAIN] NAMESERVER [...]

       resolvconf-admin del NETIF

DESCRIPTION

       This  setuid  program  allows specific non-privileged users to invoke /sbin/resolvconf (if it is present)
       with a constrained argument to add or remove DNS resolvers; or, if /sbin/resolvconf is not executable, it
       can replace /etc/resolv.conf.

       This is useful, for example, for running a DHCP client as a non-privileged user.

       When the non-privileged user wants to set up the DNS resolvers due to information it learned from
       interface NETIF, it should invoke:

              resolvconf-admin add NETIF [-s SEARCH] [-d DOMAIN] NAMESERVER [...]

       Note that DNS search path and domain name are optional.  However, at least one nameserver is required.

       When  the  non-privileged user wants to tear down the DNS resolver information that it had previously set
       for interface NETIF, it should invoke:

              resolvconf-admin del NETIF

WARNING

       A better (non-suid) approach for setting up the DNS in a non-privileged way is to make an authenticated
       IPC call to some running daemon that already manages the local DNS resolution configuration (e.g.,
       systemd-resolved(8)).  However, some systems do not run such a daemon, so we offer this setuid approach
       instead, for those limited systems only.

       This setuid program should not be installed on systems that already run such a daemon, because every
       setuid program increases the attack surface of the operating system.

       DO NOT INSTALL THIS TOOL IF YOU HAVE BETTER OPTIONS AVAILABLE TO YOU!

INTERLEAVED OPERATION WITHOUT RESOLVCONF(8)

       On a system where resolvconf(8) is not installed, the behavior is not very sophisticated.  On these
       systems:

       • The first time resolvconf-admin add is invoked, the old /etc/resolv.conf is backed up to
         /etc/resolv.conf.bak.resolvconf-admin.

       • The first time resolvconf-admin del is invoked, the backed up file is restored.

       If multiple daemons (or a single daemon monitoring multiple sources of DNS resolver information) invoke
       resolvconf-admin in an interleaved fashion (e.g., two adds before a del), this will almost certainly not
       be the behavior that you want.  If your system is likely to have this kind of interleaved operation, it
       should also have resolvconf(8) installed.
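
       The "two adds before a del" sequence above, as an added shell model that is not resolvconf-admin's own
       code. It assumes "first time" means no backup file exists yet and that add overwrites the file; the
       names model_add, model_del, interleaved_demo and the scratch RESOLV path are hypothetical.

```shell
#!/bin/sh
# Model of the fallback behavior described above (no resolvconf(8) installed).
# Assumptions, not taken from the program's source: "first time" means "no
# backup file exists yet", and add overwrites resolv.conf with the new servers.
# RESOLV is a scratch file, so the real /etc/resolv.conf is never touched.

RESOLV=${RESOLV:-$(mktemp)}
BACKUP="$RESOLV.bak.resolvconf-admin"

model_add() {   # model_add NETIF NAMESERVER [...]
    netif=$1; shift
    # Back up only when no backup exists yet (the "first" add).
    [ -e "$BACKUP" ] || cp "$RESOLV" "$BACKUP"
    {
        echo "# set for $netif"
        for ns in "$@"; do echo "nameserver $ns"; done
    } > "$RESOLV"
}

model_del() {   # model_del NETIF
    # Restore only when a backup exists (the "first" del); later dels do nothing.
    if [ -e "$BACKUP" ]; then
        mv "$BACKUP" "$RESOLV"
    fi
}

interleaved_demo() {
    # Constructed sample data: documentation-range addresses.
    echo "nameserver 192.0.2.1" > "$RESOLV"    # original system configuration
    rm -f "$BACKUP"
    model_add eth0 198.51.100.53               # daemon A brings eth0 up
    model_add wlan0 203.0.113.53               # daemon B: backup exists, none taken
    model_del eth0                             # eth0 goes down, wlan0 is still up
    cat "$RESOLV"                              # wlan0's resolver is already gone
}
```

       Source the file and call interleaved_demo: the original configuration is restored while wlan0 is still
       up, and a later model_del wlan0 finds no backup and changes nothing.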

SEE ALSO

       resolvconf(8), resolv.conf(5), systemd-resolved(8)

AUTHORS

       Daniel Kahn Gillmor <dkg@fifthhorseman.net>.

                                                 2017 September                              RESOLVCONF-ADMIN(1)