From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 18 Jul 2022 13:36:48 +0000 (+0000)
Subject: Run everything as a new unprivileged system user
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=67db1d8e2958f111bfe068aa4edf7db2229193d4;p=pbs.git

Run everything as a new unprivileged system user

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/crontab/pakfire-build-service b/src/crontab/pakfire-build-service
index ce8c484f..ba2347ce 100644
--- a/src/crontab/pakfire-build-service
+++ b/src/crontab/pakfire-build-service
@@ -1,20 +1,20 @@
 # Send queued emails once a minute
-#* * * * *	pakfire	pakfire-build-service process-message-queue &>/dev/null
+#* * * * *		_pakfire	pakfire-build-service process-message-queue &>/dev/null
 
 # Synchronize repositories once every five minutes
-*/5 * * * *	pakfire	pakfire-build-service repo:sync
+*/5 * * * *		_pakfire	pakfire-build-service repo:sync
 
 # Cleanup
-*/5 * * * *	pakfire	pakfire-build-service cleanup
+*/5 * * * *		_pakfire	pakfire-build-service cleanup
 
 # Pull sources
-#*/5 * * * *	pakfire	pakfire-build-service pull-sources &>/dev/null
+#*/5 * * * *	_pakfire	pakfire-build-service pull-sources &>/dev/null
 
 # Dist
-#*/5 * * * *	pakfire	pakfire-build-service dist &>/dev/null
+#*/5 * * * *	_pakfire	pakfire-build-service dist &>/dev/null
 
 # Send updates to Bugzilla
-#*/5 * * * *	pakfire	pakfire-build-service send-bug-updates &>/dev/null
+#*/5 * * * *	_pakfire	pakfire-build-service send-bug-updates &>/dev/null
 
 # Run mirror check
-#*/30 * * * *	pakfire	pakfire-build-service check-mirrors &>/dev/null
+#*/30 * * * *	_pakfire	pakfire-build-service check-mirrors &>/dev/null
diff --git a/src/systemd/pakfire-hub.service.in b/src/systemd/pakfire-hub.service.in
index 34313c2f..f8bf5e13 100644
--- a/src/systemd/pakfire-hub.service.in
+++ b/src/systemd/pakfire-hub.service.in
@@ -4,7 +4,7 @@ After=network.target
 
 [Service]
 ExecStart=@bindir@/pakfire-hub --port=8001
-User=pakfire
+User=_pakfire
 
 [Install]
 WantedBy=multi-user.target
diff --git a/src/systemd/pakfire-web.service.in b/src/systemd/pakfire-web.service.in
index 1ac4d60a..2aeb57e9 100644
--- a/src/systemd/pakfire-web.service.in
+++ b/src/systemd/pakfire-web.service.in
@@ -4,8 +4,7 @@ After=network.target
 
 [Service]
 ExecStart=@bindir@/pakfire-web --port=9001
-User=nobody
-Group=nogroup
+User=_pakfire
 
 [Install]
 WantedBy=multi-user.target