diff --git a/shadowsocks-libev-client.service b/shadowsocks-libev-client.service index 33ad664..dbf2c27 100644 --- a/shadowsocks-libev-client.service +++ b/shadowsocks-libev-client.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-client.pid ExecStart=/usr/bin/ss-local -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-client.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-client@.service b/shadowsocks-libev-client@.service index 8d9e79a..9808e40 100644 --- a/shadowsocks-libev-client@.service +++ b/shadowsocks-libev-client@.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-client@%i.pid ExecStart=/usr/bin/ss-local -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-client@%i.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-manager.service b/shadowsocks-libev-manager.service index 334c229..6d0f6da 100644 --- a/shadowsocks-libev-manager.service +++ b/shadowsocks-libev-manager.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-manager.pid ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-manager.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-nat.service b/shadowsocks-libev-nat.service index 961463d..150cdf5 100644 --- a/shadowsocks-libev-nat.service +++ b/shadowsocks-libev-nat.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-nat.pid ExecStart=/usr/bin/ss-nat -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-nat.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-nat@.service b/shadowsocks-libev-nat@.service index 76ea729..9e7b167 100644 --- a/shadowsocks-libev-nat@.service +++ b/shadowsocks-libev-nat@.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-nat@%i.pid ExecStart=/usr/bin/ss-nat -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-nat@%i.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-redir.service b/shadowsocks-libev-redir.service index 6e0e9e3..654e257 100644 --- a/shadowsocks-libev-redir.service +++ b/shadowsocks-libev-redir.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-redir.pid ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-redir.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-redir@.service b/shadowsocks-libev-redir@.service index 5c6896a..0caa433 100644 --- a/shadowsocks-libev-redir@.service +++ b/shadowsocks-libev-redir@.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-redir@%i.pid ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-redir@%i.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-server.service b/shadowsocks-libev-server.service index f08c3e0..8ff257d 100644 --- a/shadowsocks-libev-server.service +++ b/shadowsocks-libev-server.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-server.pid ExecStart=/usr/bin/ss-server -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-server.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-server@.service b/shadowsocks-libev-server@.service index e9ed491..c241d1e 100644 --- a/shadowsocks-libev-server@.service +++ b/shadowsocks-libev-server@.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-server@%i.pid ExecStart=/usr/bin/ss-server -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-server@%i.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-tunnel.service b/shadowsocks-libev-tunnel.service index a3ad0bb..ea3cc93 100644 --- a/shadowsocks-libev-tunnel.service +++ b/shadowsocks-libev-tunnel.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-tunnel.pid ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks/shadowsocks-libev-config.json -f /var/run/shadowsocks-libev-tunnel.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-tunnel@.service b/shadowsocks-libev-tunnel@.service index ff6cddd..4ffa8d3 100644 --- a/shadowsocks-libev-tunnel@.service +++ b/shadowsocks-libev-tunnel@.service @@ -21,6 +21,8 @@ Type=forking PIDFile=/var/run/shadowsocks-libev-tunnel@%i.pid ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks/%i.json -f /var/run/shadowsocks-libev-tunnel@%i.pid -u --fast-open Restart=on-failure +User=shadowsocks +Group=shadowsocks [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev.changes b/shadowsocks-libev.changes index fcc6719..cfb3c87 100644 --- a/shadowsocks-libev.changes +++ b/shadowsocks-libev.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Oct 24 06:50:28 UTC 2023 - Hillwood Yang + +- Fix boo#1216372 and boo#1216373, run systemd service as a dedicated user and group + ------------------------------------------------------------------- Mon May 8 11:30:20 UTC 2023 - Jaime Marquínez Ferrándiz diff --git a/shadowsocks-libev.spec b/shadowsocks-libev.spec index 3995988..9abf660 100644 --- a/shadowsocks-libev.spec +++ b/shadowsocks-libev.spec @@ -57,6 +57,7 @@ BuildRequires: asciidoc BuildRequires: systemd-rpm-macros BuildRequires: xmlto BuildRequires: pkgconfig(systemd) +Requires(pre): shadow Recommends: shadowsocks-v2ray-plugin BuildRoot: %{_tmppath}/%{name}-%{version}-build %{?systemd_ordering} @@ -153,6 +154,10 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcshadowsocks-libev-tunnel@ %service_add_pre %{name}-nat@.service %service_add_pre %{name}-redir@.service %service_add_pre %{name}-tunnel@.service +getent group shadowsocks >/dev/null || %{_sbindir}/groupadd --system shadowsocks +getent passwd shadowsocks >/dev/null || %{_sbindir}/useradd --system -c "shadowsocks User" \ + -d %{_localstatedir}/shadowsocks -m -g shadowsocks -s %{_sbindir}/nologin \ + shadowsocks %post %service_add_post %{name}-server.service @@ -166,6 +171,7 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcshadowsocks-libev-tunnel@ %service_add_post %{name}-nat@.service %service_add_post %{name}-redir@.service %service_add_post %{name}-tunnel@.service +chown root:shadowsocks %{_sysconfdir}/shadowsocks -R %preun %service_del_preun %{name}-server.service