From: Mike Brady <4265913+mikebrady@users.noreply.github.com>
Date: Mon, 1 Apr 2024 14:25:41 +0000 (+0100)
Subject: Use DynamicUser=yes in systemd-based Linux, but continue to specify the name of the...
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a79ccaac472a759fc7bb62fbb826fcc07898211e;p=thirdparty%2Fnqptp.git

Use DynamicUser=yes in systemd-based Linux, but continue to specify the name of the user to be "nqptp"
---
diff --git a/Makefile.am b/Makefile.am
index d2b3992..1d694cf 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,13 +19,11 @@ endif
 
 install-exec-hook:
 if BUILD_FOR_LINUX
-# Note: NQPTP runs as user/group nqptp/nqptp on Linux.
-# Access is given via AmbientCapabilities in the service file.
-# If you want to run it from the command line, e.g. for debugging, run it as root user.
+# Note: 1. NQPTP runs as a dynamic user on systemd-based Linux.
+# 2. Access to ports 319 and 320 is given via AmbientCapabilities in the service file.
+# If you want to run NQPTP from the command line, e.g. for debugging, run it as root user.
 # no installer for System V
 if INSTALL_SYSTEMD_STARTUP
- getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null
- getent passwd nqptp &> /dev/null || useradd -r -M -g nqptp -s /usr/sbin/nologin nqptp &>/dev/null
 [ -e $(DESTDIR)$(libdir)/systemd/system ] || mkdir -p $(DESTDIR)$(libdir)/systemd/system
 # don't replace a service file if it already exists...
 [ -e $(DESTDIR)$(libdir)/systemd/system/nqptp.service ] || cp nqptp.service $(DESTDIR)$(libdir)/systemd/system
diff --git a/nqptp.service.in b/nqptp.service.in
index 53e6a2e..08f6d80 100644
--- a/nqptp.service.in
+++ b/nqptp.service.in
@@ -7,7 +7,7 @@ Before=shairport-sync.service
 [Service]
 ExecStart=@prefix@/bin/nqptp
 User=nqptp
-Group=nqptp
+DynamicUser=yes
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 
 [Install]
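Review bot: The new comment says NQPTP runs as a dynamic user, but the unchanged `[ -e ...nqptp.service ] || cp nqptp.service ...` line keeps any unit file that is already installed, so an upgraded host keeps running the old `User=nqptp`/`Group=nqptp` unit and never picks up `DynamicUser=yes`. The static account and group created by earlier installs are also left in place, since the hook no longer touches them. I would say so next to the note, e.g. `# An existing nqptp.service is not replaced, so upgrades keep the old static-user unit until it is removed by hand.` The `install-exec-hook` rule and its `if` blocks continue outside the hunk.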
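Review bot: Keeping `User=nqptp` next to `DynamicUser=yes` means that on a host where a static `nqptp` account already exists (the install hook created one until this commit) systemd uses that account and allocates no transient UID, so the isolation differs between fresh and upgraded installs. The sandboxing that `DynamicUser=` implies still applies in both cases. A comment above the line would make this explicit: `# User= only fixes the name; a pre-existing static "nqptp" account is used as-is instead of a dynamically allocated one.` Since the unit already grants an ambient capability, it is also worth considering `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` so that no other capability can be acquired.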