Run service as non-root user

diff --git a/mercuryms.service b/mercuryms.service
index b132660..50044a8 100644 (file)
--- a/mercuryms.service
+++ b/mercuryms.service
@@ -4,6 +4,9 @@ After=network.target
 
 [Service]
 Type=simple
+User=mercuryms
+Group=mercuryms
+WorkingDirectory=/usr/share/mercuryms
 ExecStart=/opt/mercuryms/bin/python /opt/mercuryms/mms-download.py
 Environment="MERCURYMS_PORT=9092"
 

diff --git a/setup.sh b/setup.sh
new file mode 100755 (executable)
index 0000000..a4698ad
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+mkdir -p /usr/share/mercuryms
+groupadd mercuryms
+useradd -g mercuryms -d /usr/share/mercuryms -s $(which nologin) mercuryms
+chown mercuryms:mercuryms /usr/share/mercuryms
+chmod 700 /usr/share/mercuryms