Use DynamicUser=yes in systemd-based Linux, but continue to specify the name of the...

diff --git a/Makefile.am b/Makefile.am
index d2b399256bd84148f07d75d6abccc9077282260e..1d694cf6f11dbb7b9ad47b41ac8bd9767c1a8642 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,13 +19,11 @@ endif
 
 install-exec-hook:
 if BUILD_FOR_LINUX
-# Note: NQPTP runs as user/group nqptp/nqptp on Linux.
-# Access is given via AmbientCapabilities in the service file.
-# If you want to run it from the command line, e.g. for debugging, run it as root user.
+# Note: 1. NQPTP runs as a dynamic user on systemd-based Linux.
+#       2. Access to ports 319 and 320 is given via AmbientCapabilities in the service file.
+# If you want to run NQPTP from the command line, e.g. for debugging, run it as root user.
 # no installer for System V
 if INSTALL_SYSTEMD_STARTUP
-       getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null
-       getent passwd nqptp &> /dev/null || useradd -r -M -g nqptp -s /usr/sbin/nologin nqptp &>/dev/null
        [ -e $(DESTDIR)$(libdir)/systemd/system ] || mkdir -p $(DESTDIR)$(libdir)/systemd/system
 # don't replace a service file if it already exists...
        [ -e $(DESTDIR)$(libdir)/systemd/system/nqptp.service ] || cp nqptp.service $(DESTDIR)$(libdir)/systemd/system

diff --git a/nqptp.service.in b/nqptp.service.in
index 53e6a2e52b12b339d1a4bad491c930c7f819c3f8..08f6d809ec80184d42a166d549bf4fac8da276f2 100644 (file)
--- a/nqptp.service.in
+++ b/nqptp.service.in
@@ -7,7 +7,7 @@ Before=shairport-sync.service
 [Service]
 ExecStart=@prefix@/bin/nqptp
 User=nqptp
-Group=nqptp
+DynamicUser=yes
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 
 [Install]