mirror of https://github.com/dani/vroom.git
Update doc and unit to run as vroom user account
Also add some restriction in the provided unit
parent
21d8c53218
commit
442a21f4b5
|
@ -5,9 +5,15 @@ After=mariadb.service
|
|||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/opt/vroom/scripts/start_server.pl
|
||||
ExecReload=/bin/kill -USR2 $MAINPID
|
||||
PrivateTmp=yes
|
||||
User=apache
|
||||
Group=apache
|
||||
User=vroom
|
||||
Group=vroom
|
||||
SyslogIdentifier=vroom
|
||||
InaccessibleDirectories=/home
|
||||
ReadOnlyDirectories=/usr
|
||||
ReadOnlyDirectories=/etc
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
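Review bot: InaccessibleDirectories=/home still leaves /root and /run/user reachable by the daemon, and the two ReadOnlyDirectories lines do not cover /boot. Where the target systemd is 214 or newer, ProtectHome=yes and ProtectSystem=full express the same intent more completely and replace all three lines. Since the service now runs as the dedicated vroom account, NoNewPrivileges=yes would also fit here, provided start_server.pl never needs to execute a setuid helper. The switch from User=apache to User=vroom also means an existing install keeps a cache directory owned by apache until it is re-chowned, which deserves a line in the upgrade notes.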
@ -240,9 +240,9 @@ echo "LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so" \\
|
|||
Set permissions on the cache directory
|
||||
</h3>
|
||||
<p>
|
||||
The <strong>cache</strong> directory must be writeable for the user running the VROOM daemon, which is apache in the provided systemd unit
|
||||
The <strong>cache</strong> directory must be writeable for the user running the VROOM daemon, which is <strong>vroom</strong> in the provided systemd unit
|
||||
<pre>
|
||||
chown -R apache ./cache
|
||||
chown -R vroom ./cache
|
||||
chmod 700 ./cache</pre>
|
||||
</p>
|
||||
|
||||
|
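Review bot: chown -R vroom ./cache in this section runs before the vroom account exists, because the useradd call is only introduced further down under "Setup systemd units"; anyone following the document top to bottom gets an invalid-user error here. Either move the account creation ahead of this step or move the chown after it. The chown also sets only the owner; with chmod 700 that is enough, but chown -R vroom:vroom ./cache would match the Group=vroom setting in the unit.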
@ -250,8 +250,9 @@ chmod 700 ./cache</pre>
|
|||
Setup systemd units
|
||||
</h3>
|
||||
<p>
|
||||
Here, we'll copy the sample vroom.service unit so that systemd picks it up
|
||||
Here, we'll copy the sample vroom.service unit so that systemd picks it up, and create the vroom user account
|
||||
<pre>
|
||||
useradd -r -d /dev/null -s /sbin/nologin vroom
|
||||
cp /opt/vroom/docs/systemd/vroom.service /etc/systemd/system/
|
||||
systemctl daemon-reload
|
||||
systemctl enable vroom</pre>
|
||||
|
|
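Review bot: useradd -r -d /dev/null -s /sbin/nologin vroom does not guarantee that a vroom group is created, since without -U, -g or -N that depends on USERGROUPS_ENAB in /etc/login.defs, while the unit requires Group=vroom and will fail to start if the group is missing. Adding -U makes the group creation explicit. The sentence above the block could also mention that files previously written by the apache user must be re-owned when upgrading an existing install.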