From: Jacob Casper <dev@jacobcasper.com>
Date: Fri, 3 Apr 2020 05:20:48 +0000 (-0500)
Subject: Run service as non-root user
X-Git-Url: https://git.jacobcasper.com/?p=mercuryms.git;a=commitdiff_plain;h=c53cc8d52b7d19cd0e9bcba4576b6be72672d717

Run service as non-root user
---

diff --git a/mercuryms.service b/mercuryms.service
index b132660..50044a8 100644
--- a/mercuryms.service
+++ b/mercuryms.service
@@ -4,6 +4,9 @@ After=network.target
 
 [Service]
 Type=simple
+User=mercuryms
+Group=mercuryms
+WorkingDirectory=/usr/share/mercuryms
 ExecStart=/opt/mercuryms/bin/python /opt/mercuryms/mms-download.py
 Environment="MERCURYMS_PORT=9092"
 
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..a4698ad
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+mkdir -p /usr/share/mercuryms
+groupadd mercuryms
+useradd -g mercuryms -d /usr/share/mercuryms -s $(which nologin) mercuryms
+chown mercuryms:mercuryms /usr/share/mercuryms
+chmod 700 /usr/share/mercuryms