Update doc and unit to run as vroom user account

Also add some restriction in the provided unit
master
Daniel Berteaud 10 years ago
parent 21d8c53218
commit 442a21f4b5
  1. 10
      docs/systemd/vroom.service
  2. 7
      templates/default/documentation.html.ep

@ -5,9 +5,15 @@ After=mariadb.service
[Service] [Service]
Type=simple Type=simple
ExecStart=/opt/vroom/scripts/start_server.pl ExecStart=/opt/vroom/scripts/start_server.pl
ExecReload=/bin/kill -USR2 $MAINPID
PrivateTmp=yes PrivateTmp=yes
User=apache User=vroom
Group=apache Group=vroom
SyslogIdentifier=vroom
InaccessibleDirectories=/home
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/etc
Restart=on-failure
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
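
Review bot: The new restrictions stop at InaccessibleDirectories=/home and ReadOnlyDirectories=/usr and /etc, so the tree the daemon runs from (ExecStart=/opt/vroom/scripts/start_server.pl) is not covered, and nothing prevents the now-unprivileged vroom process from gaining privileges through a setuid binary. Consider adding NoNewPrivileges=yes next to PrivateTmp=yes, and making the code directories under /opt/vroom read-only while leaving only the paths the daemon must write to (such as the cache directory) writable. Restart=on-failure is added without a RestartSec=, so a start that fails because of wrong ownership will be retried at the default interval until the start limit is reached; an explicit RestartSec= would make that easier to see in the journal under SyslogIdentifier=vroom.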

@ -240,9 +240,9 @@ echo "LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so" \\
Set permissions on the cache directory Set permissions on the cache directory
</h3> </h3>
<p> <p>
The <strong>cache</strong> directory must be writeable for the user running the VROOM daemon, which is apache in the provided systemd unit The <strong>cache</strong> directory must be writeable for the user running the VROOM daemon, which is <strong>vroom</strong> in the provided systemd unit
<pre> <pre>
chown -R apache ./cache chown -R vroom ./cache
chmod 700 ./cache</pre> chmod 700 ./cache</pre>
</p> </p>
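
Review bot: The documented order is now wrong: "chown -R vroom ./cache" in this step (around line 240) runs before the vroom account exists, because the useradd line is only introduced in the following "Setup systemd units" step (around line 250). Someone following the page top to bottom gets an invalid user error here. Move the account creation ahead of this step, or move this chown after it. The text also gives no hint for existing installs whose cache is still owned by apache; a one-line upgrade note saying the chown has to be re-run would prevent a daemon that starts but cannot write its cache.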
@ -250,8 +250,9 @@ chmod 700 ./cache</pre>
Setup systemd units Setup systemd units
</h3> </h3>
<p> <p>
Here, we'll copy the sample vroom.service unit so that systemd picks it up Here, we'll copy the sample vroom.service unit so that systemd picks it up, and create the vroom user account
<pre> <pre>
useradd -r -d /dev/null -s /sbin/nologin vroom
cp /opt/vroom/docs/systemd/vroom.service /etc/systemd/system/ cp /opt/vroom/docs/systemd/vroom.service /etc/systemd/system/
systemctl daemon-reload systemctl daemon-reload
systemctl enable vroom</pre> systemctl enable vroom</pre>
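
Review bot: The added "useradd -r -d /dev/null -s /sbin/nologin vroom" does not explicitly create a vroom group, yet the unit in this same commit sets Group=vroom. Whether a matching group is created depends on the distribution's useradd defaults, so on a system without user private groups the service will fail to start. Pass -U (or create the group first and use -g vroom) to make this explicit. Two smaller points: -d /dev/null makes the home directory a device node, which anything that writes under $HOME will trip over, so a dedicated directory or a non-existent path is a cleaner choice; and the heading still reads "Setup systemd units" although the step now also creates an account.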
