From a321c90db4a6d323f1a9bc06c4d861cee8868664 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 15 Feb 2021 00:32:29 +0100 Subject: Use dedicated system users for internal components. * The internal webserver now runs as a dedicated system user _lacme-www (and group nogroup) instead of www-data:www-data. This is configurable in the [webserver] section of the lacme(8) configuration file. * The internal ACME client now runs as a dedicated system user _lacme-client (and group nogroup) instead of nobody:nogroup. This is configurable in the [client] section of the lacme(8) configuration file. * The _lacme-www and _lacme-client system users are created automatically by lacme.postinst (hence a new Depends: adduser), and deleted on purge. (So make sure not to chown any file to these internal users.) --- debian/control | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'debian/control') diff --git a/debian/control b/debian/control index 91bdac2..07419a2 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,8 @@ Vcs-Browser: https://salsa.debian.org/debian/lacme Package: lacme Architecture: all -Depends: libconfig-tiny-perl, +Depends: adduser, + libconfig-tiny-perl, libjson-perl, libnet-ssleay-perl, libtimedate-perl, -- cgit v1.2.3