mirror of
https://github.com/stalwartlabs/mail-server.git
synced 2024-09-20 07:16:18 +08:00
Drop root privileges in systemd unit (#402)
This commit is contained in:
parent
8c224290aa
commit
b5a5858ec2
|
@ -115,7 +115,6 @@ main() {
|
||||||
# Create service file
|
# Create service file
|
||||||
say "🚀 Starting service..."
|
say "🚀 Starting service..."
|
||||||
if [ "${_os}" = "linux" ]; then
|
if [ "${_os}" = "linux" ]; then
|
||||||
printf "\n[server.run-as]\nuser = \"stalwart-mail\"\ngroup = \"stalwart-mail\"\n" >> "$_dir/etc/config.toml"
|
|
||||||
create_service_linux "$_dir"
|
create_service_linux "$_dir"
|
||||||
elif [ "${_os}" = "macos" ]; then
|
elif [ "${_os}" = "macos" ]; then
|
||||||
create_service_macos "$_dir"
|
create_service_macos "$_dir"
|
||||||
|
@ -148,6 +147,9 @@ RestartSec=5
|
||||||
ExecStart=__PATH__/bin/stalwart-mail --config=__PATH__/etc/config.toml
|
ExecStart=__PATH__/bin/stalwart-mail --config=__PATH__/etc/config.toml
|
||||||
PermissionsStartOnly=true
|
PermissionsStartOnly=true
|
||||||
SyslogIdentifier=stalwart-mail
|
SyslogIdentifier=stalwart-mail
|
||||||
|
User=stalwart-mail
|
||||||
|
Group=stalwart-mail
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -14,6 +14,9 @@ RestartSec=5
|
||||||
ExecStart=__PATH__/bin/stalwart-mail --config=__PATH__/etc/config.toml
|
ExecStart=__PATH__/bin/stalwart-mail --config=__PATH__/etc/config.toml
|
||||||
PermissionsStartOnly=true
|
PermissionsStartOnly=true
|
||||||
SyslogIdentifier=stalwart-mail
|
SyslogIdentifier=stalwart-mail
|
||||||
|
User=stalwart-mail
|
||||||
|
Group=stalwart-mail
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
Loading…
Reference in a new issue