diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2020-12-09 20:28:46 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2020-12-09 20:28:46 +0100 |
| commit | 61e4ad1347f51a84400cbf87633cc99f657f9ad7 (patch) | |
| tree | 793203c0dd6f829facb67afb10db87bc86de44a8 /config | |
| parent | e751a1e0215342be52da2c086ad2e7bc8901229e (diff) | |
Make unprivileged user/group for the internal client resp. webserver configurable.
Diffstat (limited to 'config')
| -rw-r--r-- | config/lacme.conf | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/config/lacme.conf b/config/lacme.conf index 9f4db72..cc8488d 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -19,15 +19,15 @@ #socket = # username to drop privileges to (setting both effective and real uid). -# Preserve root privileges if the value is empty (not recommended). +# Skip privilege drop if the value is empty (not recommended). # -#user = nobody +#user = @@lacme_client_user@@ # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). -# Preserve root privileges if the value is empty (not recommended). +# Skip privilege drop if the value is empty (not recommended). # -#group = nogroup +#group = @@lacme_client_group@@ # Path to the ACME client executable. # @@ -72,15 +72,15 @@ #challenge-directory = # username to drop privileges to (setting both effective and real uid). -# Preserve root privileges if the value is empty (not recommended). +# Skip privilege drop if the value is empty (not recommended). # -#user = www-data +#user = @@lacme_www_user@@ # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). -# Preserve root privileges if the value is empty (not recommended). +# Skip privilege drop if the value is empty (not recommended). # -#group = www-data +#group = @@lacme_www_group@@ # Path to the ACME webserver executable. # @@ -99,13 +99,13 @@ # an existing lacme-accountd(1) process via a UNIX-domain socket. # username to drop privileges to (setting both effective and real uid). -# Preserve root privileges if the value is empty. +# Skip privilege drop if the value is empty. # #user = # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). -# Preserve root privileges if the value is empty. +# Skip privilege drop if the value is empty. # #group = |