from forgejo:forgejo u=rwX,g=rwX,o= to forgejo:forgejo u=rwX,g=rX,o= - update apparmor profile to a profile that is less broad. - create all directories before actually installing files - make the HOME dir in the service file the same as the user - migrate existing authorized keys files from %{_datadir}/%{name}/.ssh/authorized_keys to %{_sharedstatedir}/%{name}/data/home/.ssh/authorized_keys - fix file list to lock down permissions more - don't require the apparmor subpackage when apparmor is installed the current profile is rather bad and it should be possible to keep it out. - user should actually use /var/lib/forgejo/data/home OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=53
4 lines
114 B
Plaintext
4 lines
114 B
Plaintext
# Type Name ID GECOS [HOME] Shell
|
|
g forgejo - - -
|
|
u forgejo - "Forgejo" /var/lib/forgejo/data/home /usr/bin/bash
|