[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: init system policy

On 18/11/2014 17:39, Matthias Urlichs wrote:

Text emails, please.

I alway forget that in my company my mailer is configured for html as outlook discussion cut is absurd...

You _can_ do

     ExecStart=sudo -u $USER_MINIDLNA -g GROUP_MINIDLNA /usr/sbin/minidlnad -S

but that's not the optimal solution here.

Yes not really. And given the number of damons that chnage the uid/gid, it would rather be good to define a best practice!!!

It's better IMHO to use a fixed user in your packaging -- why should that
user be configurable in the first place? If the sysadmin _really_ needs to
use a different user+group, they can add an overriding unit file to
/etc/systemd/system/ (files get merged, so no need to copy the whole thing).

That's typical: instead of answering the question, you try to say the actual packaging is absurd. Its current debian packaging for systemv! The system V init script has the ability to change the user and this is really useful because the multimedia file are likely owned by you and in your home directory by daemon and not minidlna and why should you belong to minidlna group?...

And running anything that use upnp as root I suggest to not do for security reasons...

     ExecStartPre=/bin/mkdir -p /var/run/minidlna

You might want to use this opportunity to replace /var/run with /run.


Also, one ExecStartPre stanza is sufficient:

	ExecStartPre=/usr/bin/install -o %u -g %g -m 0750 -d /run/minidlna

But again this does not really slpit the script to configurable option that will not be overwritten when upgrading...

Reply to: