Drop root privileges in systemd unit (#402)

Lukas Lihotzki 2024-05-06 14:53:04 +02:00 committed by GitHub
parent 8c224290aa
commit b5a5858ec2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 6 additions and 1 deletions


@ -115,7 +115,6 @@ main() {
# Create service file # Create service file
say "🚀 Starting service..." say "🚀 Starting service..."
if [ "${_os}" = "linux" ]; then if [ "${_os}" = "linux" ]; then
printf "\n[server.run-as]\nuser = \"stalwart-mail\"\ngroup = \"stalwart-mail\"\n" >> "$_dir/etc/config.toml"
create_service_linux "$_dir" create_service_linux "$_dir"
elif [ "${_os}" = "macos" ]; then elif [ "${_os}" = "macos" ]; then
create_service_macos "$_dir" create_service_macos "$_dir"
@ -148,6 +147,9 @@ RestartSec=5
ExecStart=__PATH__/bin/stalwart-mail --config=__PATH__/etc/config.toml ExecStart=__PATH__/bin/stalwart-mail --config=__PATH__/etc/config.toml
PermissionsStartOnly=true PermissionsStartOnly=true
SyslogIdentifier=stalwart-mail SyslogIdentifier=stalwart-mail
User=stalwart-mail
Group=stalwart-mail
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
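Review bot: The unit template's new `AmbientCapabilities=CAP_NET_BIND_SERVICE` grants the port-binding capability but leaves the capability bounding set at its default, so a setuid or file-capability binary executed by the service could still acquire more than that one capability. Consider adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` next to the `User=`/`Group=` lines. The standalone unit file in the second file section adds the same three lines and would want the same two additions. The `[Service]` section begins above this hunk, so these may already be set there; worth confirming.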


@ -14,6 +14,9 @@ RestartSec=5
ExecStart=__PATH__/bin/stalwart-mail --config=__PATH__/etc/config.toml ExecStart=__PATH__/bin/stalwart-mail --config=__PATH__/etc/config.toml
PermissionsStartOnly=true PermissionsStartOnly=true
SyslogIdentifier=stalwart-mail SyslogIdentifier=stalwart-mail
User=stalwart-mail
Group=stalwart-mail
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
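Review bot: `PermissionsStartOnly=true` is kept as context, and now that `User=`/`Group=` are set it stops being a no-op: any `ExecStartPre=`, `ExecReload=` or `ExecStop*=` command in this unit would keep running as root while only `ExecStart=` drops to `stalwart-mail`. No such command is visible in the hunk and the unit starts above it, so this may be harmless today, but the option is deprecated and silently exempts future helper commands from the privilege drop. I would remove the line, and if a root-only setup step is ever needed mark that one command with the `+` prefix instead. The same line sits in the embedded template in the install script section.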