e62e31f00f
from forgejo:forgejo u=rwX,g=rwX,o=
to forgejo:forgejo u=rwX,g=rX,o=
- update apparmor profile to a profile that is less broad.
- create all directories before actually installing files
- make the HOME dir in the service file the same as the user
- migrate existing authorized keys files
from %{_datadir}/%{name}/.ssh/authorized_keys
to %{_sharedstatedir}/%{name}/data/home/.ssh/authorized_keys
- fix file list to lock down permissions more
- don't require the apparmor subpackage when apparmor is installed
the current profile is rather bad and it should be possible to
keep it out.
- user should actually use /var/lib/forgejo/data/home
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=53
4 lines
114 B
Plaintext
4 lines
114 B
Plaintext
# Type Name ID GECOS [HOME] Shell
|
|
g forgejo - - -
|
|
u forgejo - "Forgejo" /var/lib/forgejo/data/home /usr/bin/bash
|