lacme/debian/lacme.postinst, branch debian/0.8.1-1 Small ACME client written with process isolation and minimal privileges in mind Use dedicated system users for internal components. 2021-02-22T02:31:12+00:00 Guilhem Moulin guilhem@debian.org 2021-02-14T23:32:29+00:00 a321c90db4a6d323f1a9bc06c4d861cee8868664 * The internal webserver now runs as a dedicated system user _lacme-www (and group nogroup) instead of www-data:www-data. This is configurable in the [webserver] section of the lacme(8) configuration file. * The internal ACME client now runs as a dedicated system user _lacme-client (and group nogroup) instead of nobody:nogroup. This is configurable in the [client] section of the lacme(8) configuration file. * The _lacme-www and _lacme-client system users are created automatically by lacme.postinst (hence a new Depends: adduser), and deleted on purge. (So make sure not to chown any file to these internal users.) 
  * The internal webserver now runs as a dedicated system user _lacme-www
    (and group nogroup) instead of www-data:www-data.  This is configurable
    in the [webserver] section of the lacme(8) configuration file.
  * The internal ACME client now runs as a dedicated system user _lacme-client
    (and group nogroup) instead of nobody:nogroup.  This is configurable in
    the [client] section of the lacme(8) configuration file.
  * The _lacme-www and _lacme-client system users are created automatically by
    lacme.postinst (hence a new Depends: adduser), and deleted on purge.  (So
    make sure not to chown any file to these internal users.)