Adding run-as-user and a user with the folder as ~

This commit is contained in:
Dave Hibberd 2023-08-28 21:41:31 +01:00
parent 6546bac3f5
commit fc474c29fe
No known key found for this signature in database
GPG Key ID: 03A1FB7A1904771B
2 changed files with 28 additions and 3 deletions

View File

@ -2,9 +2,11 @@
After=network.target
[Service]
ExecStart=/opt/oarc/linbpq/linbpq
WorkingDirectory=/opt/oarc/linbpq
ExecStart=/opt/oarc/bpq/linbpq
WorkingDirectory=/opt/oarc/bpq
Restart=always
User=linbpq
Group=linbpq
[Install]
WantedBy=multi-user.target

25
debian/postinst vendored
View File

@ -1,16 +1,39 @@
#!/bin/sh
if [ "$1" = configure ]; then
# if ! getent group linbpq >/dev/null; then
# addgroup --system --force-badname linbpq || true
# fi
echo "Creating/updating linbpq user account..."
adduser --system --group --home /opt/oarc/bpq \
--gecos "linbpq system user" --shell /bin/false \
--quiet --disabled-password linbpq || {
# adduser failed. Why?
if getent passwd linbpq >/dev/null ; then
echo "Non-system user linbpq found. I will not overwrite a non-system" >&2
echo "user. Remove the user and reinstall linbpq." >&2
exit 1
fi
# unknown adduser error, simply exit
exit 1
}
adduser linbpq dialout
chown :linbpq /opt/oarc/bpq
chmod 775 /opt/oarc/bpq
# If we have setcap is installed, set the requirements
# which allows us to install our binaries without the setuid
# bit.
if command -v setcap > /dev/null; then
setcap "CAP_NET_ADMIN=ep CAP_NET_RAW=ep CAP_NET_BIND_SERVICE=ep" linbq
setcap "CAP_NET_ADMIN=ep CAP_NET_RAW=ep CAP_NET_BIND_SERVICE=ep" /opt/oarc/bpq/linbpq
else
echo "Setcap failed on /usr/sbin/linbpq, Features may be limited" >&2
fi
else
echo "Setcap is not installed, Features may be limited" >&2
fi
#DEBHELPER#