From c53cc8d52b7d19cd0e9bcba4576b6be72672d717 Mon Sep 17 00:00:00 2001 From: Jacob Casper Date: Fri, 3 Apr 2020 00:20:48 -0500 Subject: [PATCH] Run service as non-root user --- mercuryms.service | 3 +++ setup.sh | 7 +++++++ 2 files changed, 10 insertions(+) create mode 100755 setup.sh diff --git a/mercuryms.service b/mercuryms.service index b132660..50044a8 100644 --- a/mercuryms.service +++ b/mercuryms.service @@ -4,6 +4,9 @@ After=network.target [Service] Type=simple +User=mercuryms +Group=mercuryms +WorkingDirectory=/usr/share/mercuryms ExecStart=/opt/mercuryms/bin/python /opt/mercuryms/mms-download.py Environment="MERCURYMS_PORT=9092" diff --git a/setup.sh b/setup.sh new file mode 100755 index 0000000..a4698ad --- /dev/null +++ b/setup.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +mkdir -p /usr/share/mercuryms +groupadd mercuryms +useradd -g mercuryms -d /usr/share/mercuryms -s $(which nologin) mercuryms +chown mercuryms:mercuryms /usr/share/mercuryms +chmod 700 /usr/share/mercuryms -- 2.20.1