The existing init scripts for dnscrypt-proxy call mkdir, touch, and chown to create files/directories with some specified permissions: mkdir "${rundir}" if [ -n "${runas_user}" ]; then touch "${DNSCRYPT_LOGFILE}" chown ${runas_user}:${runas_group} "${DNSCRYPT_LOGFILE}" chown -R ${runas_user}:${runas_group} "${rundir}" fi It would be better to use "checkpath" from OpenRC to create the directory/file. Checkpath is more portable, because it's part of OpenRC. It's also more secure, because chown will follow symlinks (change ownership of the target) while checkpath will not. It looks like this issue has already been addressed in bug #588462, where the attached init script does not call "chown" at all.
The bug has been closed in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ee515fb8a5ff324983ec37c38ec1e2dc8d7aaa6 commit 0ee515fb8a5ff324983ec37c38ec1e2dc8d7aaa6 Author: Georgy Yakovlev <ya@sysdump.net> AuthorDate: 2017-08-07 20:52:14 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2017-11-07 08:48:03 +0000