Adding run-as-user and a user with the folder as ~
This commit is contained in:
parent
6546bac3f5
commit
fc474c29fe
|
@ -2,9 +2,11 @@
|
||||||
After=network.target
|
After=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/opt/oarc/linbpq/linbpq
|
ExecStart=/opt/oarc/bpq/linbpq
|
||||||
WorkingDirectory=/opt/oarc/linbpq
|
WorkingDirectory=/opt/oarc/bpq
|
||||||
Restart=always
|
Restart=always
|
||||||
|
User=linbpq
|
||||||
|
Group=linbpq
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -1,16 +1,39 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
if [ "$1" = configure ]; then
|
if [ "$1" = configure ]; then
|
||||||
|
|
||||||
|
# if ! getent group linbpq >/dev/null; then
|
||||||
|
# addgroup --system --force-badname linbpq || true
|
||||||
|
# fi
|
||||||
|
|
||||||
|
echo "Creating/updating linbpq user account..."
|
||||||
|
adduser --system --group --home /opt/oarc/bpq \
|
||||||
|
--gecos "linbpq system user" --shell /bin/false \
|
||||||
|
--quiet --disabled-password linbpq || {
|
||||||
|
# adduser failed. Why?
|
||||||
|
if getent passwd linbpq >/dev/null ; then
|
||||||
|
echo "Non-system user linbpq found. I will not overwrite a non-system" >&2
|
||||||
|
echo "user. Remove the user and reinstall linbpq." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
# unknown adduser error, simply exit
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
adduser linbpq dialout
|
||||||
|
chown :linbpq /opt/oarc/bpq
|
||||||
|
chmod 775 /opt/oarc/bpq
|
||||||
# If we have setcap is installed, set the requirements
|
# If we have setcap is installed, set the requirements
|
||||||
# which allows us to install our binaries without the setuid
|
# which allows us to install our binaries without the setuid
|
||||||
# bit.
|
# bit.
|
||||||
if command -v setcap > /dev/null; then
|
if command -v setcap > /dev/null; then
|
||||||
setcap "CAP_NET_ADMIN=ep CAP_NET_RAW=ep CAP_NET_BIND_SERVICE=ep" linbq
|
setcap "CAP_NET_ADMIN=ep CAP_NET_RAW=ep CAP_NET_BIND_SERVICE=ep" /opt/oarc/bpq/linbpq
|
||||||
else
|
else
|
||||||
echo "Setcap failed on /usr/sbin/linbpq, Features may be limited" >&2
|
echo "Setcap failed on /usr/sbin/linbpq, Features may be limited" >&2
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "Setcap is not installed, Features may be limited" >&2
|
echo "Setcap is not installed, Features may be limited" >&2
|
||||||
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#DEBHELPER#
|
#DEBHELPER#
|
||||||
|
|
Loading…
Reference in New Issue