nixos/httpd: run as non root user
parent
d3a41f3c23
commit
20f37a4430
@ -453,7 +453,13 @@ in
|
|||||||
type = types.str;
|
type = types.str;
|
||||||
default = "wwwrun";
|
default = "wwwrun";
|
||||||
description = ''
|
description = ''
|
||||||
User account under which httpd runs.
|
User account under which httpd children processes run.
|
||||||
|
|
||||||
|
If you require the main httpd process to run as
|
||||||
|
<literal>root</literal> add the following configuration:
|
||||||
|
<programlisting>
|
||||||
|
systemd.services.httpd.serviceConfig.User = lib.mkForce "root";
|
||||||
|
</programlisting>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -461,7 +467,7 @@ in
|
|||||||
type = types.str;
|
type = types.str;
|
||||||
default = "wwwrun";
|
default = "wwwrun";
|
||||||
description = ''
|
description = ''
|
||||||
Group under which httpd runs.
|
Group under which httpd children processes run.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -724,7 +730,7 @@ in
|
|||||||
ExecStart = "@${pkg}/bin/httpd httpd -f ${httpdConf}";
|
ExecStart = "@${pkg}/bin/httpd httpd -f ${httpdConf}";
|
||||||
ExecStop = "${pkg}/bin/httpd -f ${httpdConf} -k graceful-stop";
|
ExecStop = "${pkg}/bin/httpd -f ${httpdConf} -k graceful-stop";
|
||||||
ExecReload = "${pkg}/bin/httpd -f ${httpdConf} -k graceful";
|
ExecReload = "${pkg}/bin/httpd -f ${httpdConf} -k graceful";
|
||||||
User = "root";
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
Type = "forking";
|
Type = "forking";
|
||||||
PIDFile = "${runtimeDir}/httpd.pid";
|
PIDFile = "${runtimeDir}/httpd.pid";
|
||||||
@ -732,6 +738,7 @@ in
|
|||||||
RestartSec = "5s";
|
RestartSec = "5s";
|
||||||
RuntimeDirectory = "httpd httpd/runtime";
|
RuntimeDirectory = "httpd httpd/runtime";
|
||||||
RuntimeDirectoryMode = "0750";
|
RuntimeDirectoryMode = "0750";
|
||||||
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
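Review bot: The added `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];` in the last hunk applies to the whole unit, so with `User = cfg.user` every worker, and anything httpd executes (CGI, for example), inherits the ability to bind ports below 1024, where before only the root parent held it. Consider also setting `CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];` so the service can hold nothing beyond that, keeping in mind that it would also constrain the `lib.mkForce "root"` override documented in the first hunk. The new `user` description says "children processes", yet after this change the main process runs as that account too; something like `User account under which httpd (main process and children) runs.` would match the unit. Files the root parent presumably opened before (TLS private keys, log directories) are not visible in these hunks and would now need to be readable by `cfg.user`, which is worth a sentence in the description or the release notes. The `serviceConfig` attribute set starts outside the hunk.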