osmith has uploaded this change for review. ( https://gerrit.osmocom.org/c/erlang/osmo-epdg/+/36944?usp=email )
Change subject: contrib/systemd: run as osmocom user ......................................................................
contrib/systemd: run as osmocom user
Related: OS#4107 Change-Id: I6c8f3b316f13d497a15fcb4fe904fe0628ee2d13 --- M contrib/systemd/osmo-epdg.service A debian/postinst 2 files changed, 36 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/erlang/osmo-epdg refs/changes/44/36944/1
diff --git a/contrib/systemd/osmo-epdg.service b/contrib/systemd/osmo-epdg.service index 40318c1..df06a4f 100644 --- a/contrib/systemd/osmo-epdg.service +++ b/contrib/systemd/osmo-epdg.service @@ -8,10 +8,14 @@ Restart=always StateDirectory=osmo-epdg WorkingDirectory=%S/osmo-epdg +User=osmocom +Group=osmocom Environment="ERL_FLAGS=-config /etc/osmocom/osmo-epdg.config" ExecStartPre=-/usr/bin/ip link del gtp0 ExecStart=/usr/bin/osmo-epdg RestartSec=2 +# For setting up the gtp device +AmbientCapabilities=CAP_NET_ADMIN
[Install] WantedBy=multi-user.target diff --git a/debian/postinst b/debian/postinst new file mode 100755 index 0000000..d4857a2 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,22 @@ +#!/bin/sh -e +case "$1" in + configure) + # Create the osmocom group and user (if it doesn't exist yet) + if ! getent group osmocom >/dev/null; then + groupadd --system osmocom + fi + if ! getent passwd osmocom >/dev/null; then + useradd \ + --system \ + --gid osmocom \ + --home-dir /var/lib/osmocom \ + --shell /sbin/nologin \ + --comment "Open Source Mobile Communications" \ + osmocom + fi + ;; +esac + +# dh_installdeb(1) will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER#