Use dedicated system users for internal components.

* The internal webserver now runs as a dedicated system user _lacme-www (and group nogroup) instead of www-data:www-data. This is configurable in the [webserver] section of the lacme(8) configuration file. * The internal ACME client now runs as a dedicated system user _lacme-client (and group nogroup) instead of nobody:nogroup. This is configurable in the [client] section of the lacme(8) configuration file. * The _lacme-www and _lacme-client system users are created automatically by lacme.postinst (hence a new Depends: adduser), and deleted on purge. (So make sure not to chown any file to these internal users.)
author: Guilhem Moulin <guilhem@debian.org> 2021-02-15 00:32:29 +0100
committer: Guilhem Moulin <guilhem@debian.org> 2021-02-22 03:31:12 +0100
commit: a321c90db4a6d323f1a9bc06c4d861cee8868664 (patch)
tree: 7804d619f5198b4387fb64b78f1742035d80fd78 /debian/control
parent: f08eeeed6abaea2d6dbe8fd801eb0acd187e23d0 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/debian/control b/debian/control
index 91bdac2..07419a2 100644
--- a/debian/control
+++ b/debian/control
@@ -11,7 +11,8 @@ Vcs-Browser: https://salsa.debian.org/debian/lacme
 
 Package: lacme
 Architecture: all
-Depends: libconfig-tiny-perl,
+Depends: adduser,
+         libconfig-tiny-perl,
          libjson-perl,
          libnet-ssleay-perl,
          libtimedate-perl,
author	Guilhem Moulin <guilhem@debian.org>	2021-02-15 00:32:29 +0100
committer	Guilhem Moulin <guilhem@debian.org>	2021-02-22 03:31:12 +0100
commit	a321c90db4a6d323f1a9bc06c4d861cee8868664 (patch)
tree	7804d619f5198b4387fb64b78f1742035d80fd78 /debian/control
parent	f08eeeed6abaea2d6dbe8fd801eb0acd187e23d0 (diff)