diff --git a/shadowsocks-rust-client.service b/shadowsocks-rust-client.service index 010d4fa..3d8dd01 100644 --- a/shadowsocks-rust-client.service +++ b/shadowsocks-rust-client.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-rust-client.pid ExecStart=/usr/bin/sslocal --log-without-time -c /etc/shadowsocks/shadowsocks-rust.json --tcp-fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-rust-manager.service b/shadowsocks-rust-manager.service index 78f985e..d91d52d 100644 --- a/shadowsocks-rust-manager.service +++ b/shadowsocks-rust-manager.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-rust-manager.pid ExecStart=/usr/bin/ssmanager --log-without-time -c /etc/shadowsocks/shadowsocks-rust.json --tcp-fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-rust-server.service b/shadowsocks-rust-server.service index 046d91e..590a7a6 100644 --- a/shadowsocks-rust-server.service +++ b/shadowsocks-rust-server.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-rust-server.pid ExecStart=/usr/bin/ssserver --log-without-time -c /etc/shadowsocks/shadowsocks-rust.json --tcp-fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-rust.changes b/shadowsocks-rust.changes index f16c7af..9e3c0f5 100644 --- a/shadowsocks-rust.changes +++ b/shadowsocks-rust.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Oct 24 14:38:46 UTC 2023 - Hillwood Yang + +- Fix boo#1216372 and boo#1216373, run systemd service as a dedicated user and group + ------------------------------------------------------------------- Mon Sep 25 14:02:49 UTC 2023 - Hillwood Yang diff --git a/shadowsocks-rust.spec b/shadowsocks-rust.spec index e15477b..d3a896c 100644 --- a/shadowsocks-rust.spec +++ b/shadowsocks-rust.spec @@ -33,6 +33,7 @@ BuildRequires: cargo BuildRequires: cargo-packaging BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(openssl) +Requires(pre): shadow Recommends: shadowsocks-v2ray-plugin # ExcludeArch: ppc ppc64 ppc64le s390 s390x %{?systemd_ordering} @@ -76,11 +77,16 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-manager %service_add_pre %{name}-client.service %service_add_pre %{name}-server.service %service_add_pre %{name}-manager.service +getent group shadowsocks >/dev/null || %{_sbindir}/groupadd --system shadowsocks +getent passwd shadowsocks >/dev/null || %{_sbindir}/useradd --system -c "shadowsocks User" \ + -d %{_localstatedir}/shadowsocks -m -g shadowsocks -s %{_sbindir}/nologin \ + shadowsocks %post %service_add_post %{name}-client.service %service_add_post %{name}-server.service %service_add_post %{name}-manager.service +chown root:shadowsocks %{_sysconfdir}/shadowsocks -R %preun %service_del_preun %{name}-client.service @@ -99,6 +105,7 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-manager %{_sbindir}/rc%{name}-* %{_unitdir}/%{name}-*.service %dir %{_sysconfdir}/shadowsocks +# %config(noreplace) %attr(660,%{name},root) %{_sysconfdir}/shadowsocks %config %{_sysconfdir}/shadowsocks/%{name}.json %changelog