> The first thing is that dhcpd.leases~ is a backup of dhcpd.leases.
>
> Also, it seems that the service opens files before dropping users,
> that explains why it works.
>
> Also, without an empty dhcpd.leases it won't start => touch here.

Perhaps use "install" to copy /dev/null to the file and set owner/group
directly instead of touch+chown?

    install -o _isc-dhcp -g _isc-dhcp /dev/null /var/db/dhcpd/dhcpd.leases

-- 
May the most significant bit of your life be positive.