From 8ae91038ff8f48c1937d2d6cd42d42cccaa00d24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Bidar?= Date: Fri, 28 Oct 2022 11:26:19 +0300 Subject: [PATCH] Linux: Don't create user for systemd units use DynamicUser MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Bidar --- davmail.spec | 4 +++- src/init/davmail.service | 1 + src/init/davmail@.service | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/davmail.spec b/davmail.spec index 9a0bdf9a..18c0b955 100644 --- a/davmail.spec +++ b/davmail.spec @@ -132,10 +132,11 @@ install -m 0644 src/appstream/org.davmail.DavMail.appdata.xml $RPM_BUILD_ROOT%{_ rm -rf $RPM_BUILD_ROOT %pre +%if 0%{!?systemd_macros:1} /usr/sbin/groupadd -f -r davmail > /dev/null 2>&1 || : /usr/sbin/useradd -r -s /sbin/nologin -d /var/lib/davmail -M \ -g davmail davmail > /dev/null 2>&1 || : -%if %systemd_macros +%else %service_add_pre davmail.service %endif @@ -230,6 +231,7 @@ fi - Create initial log file with systemd-tmpfiles - Harden systemd service - Add systemd system sevice template unit +- Don't create user for systemd units use DynamicUser * Wed Jul 07 2021 Michal Suchanek - Tumbleweed no longer supports init.d services and fails build when installed diff --git a/src/init/davmail.service b/src/init/davmail.service index 7232e81f..70235a0e 100644 --- a/src/init/davmail.service +++ b/src/init/davmail.service @@ -8,6 +8,7 @@ After=network.target [Service] Type=simple User=davmail +DynamicUser=yes PermissionsStartOnly=true AmbientCapabilities=CAP_NET_BIND_SERVICE ExecStart=/usr/bin/davmail -server /etc/davmail.properties diff --git a/src/init/davmail@.service b/src/init/davmail@.service index 94ca3b67..b942e0fc 100644 --- a/src/init/davmail@.service +++ b/src/init/davmail@.service @@ -8,6 +8,7 @@ After=network.target [Service] Type=simple User=davmail +DynamicUser=yes PermissionsStartOnly=true AmbientCapabilities=CAP_NET_BIND_SERVICE ExecStart=/usr/bin/davmail -server /etc/davmail/%i.properties