Make unprivileged user/group for the internal client resp. webserver configurable.

author: Guilhem Moulin <guilhem@fripost.org> 2020-12-09 20:28:46 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2020-12-09 20:28:46 +0100
commit: 61e4ad1347f51a84400cbf87633cc99f657f9ad7 (patch)
tree: 793203c0dd6f829facb67afb10db87bc86de44a8 /lacme
parent: e751a1e0215342be52da2c086ad2e7bc8901229e (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/lacme b/lacme
index 088e393..e4b8e01 100755
--- a/lacme
+++ b/lacme
@@ -91,8 +91,8 @@ do {
     my %valid = (
         client => {
             socket  => (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef),
-            user    => 'nobody',
-            group   => 'nogroup',
+            user    => '@@lacme_client_user@@',
+            group   => '@@lacme_client_group@@',
             command => '@@libexecdir@@/lacme/client',
             # the rest is for the ACME client
             map {$_ => undef} qw/server timeout SSL_verify SSL_version SSL_cipher_list/
@@ -100,8 +100,8 @@ do {
         webserver => {
             listen                => '@@runstatedir@@/lacme-www.socket',
             'challenge-directory' => undef,
-            user                  => 'www-data',
-            group                 => 'www-data',
+            user                  => '@@lacme_www_user@@',
+            group                 => '@@lacme_www_group@@',
             command               => '@@libexecdir@@/lacme/webserver',
             iptables              => 'No'
author	Guilhem Moulin <guilhem@fripost.org>	2020-12-09 20:28:46 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2020-12-09 20:28:46 +0100
commit	61e4ad1347f51a84400cbf87633cc99f657f9ad7 (patch)
tree	793203c0dd6f829facb67afb10db87bc86de44a8 /lacme
parent	e751a1e0215342be52da2c086ad2e7bc8901229e (diff)