debian/shadowsocks-libev.{default,init,service}: Run service as non-root

debian/shadowsocks-libev.default

@@ -18,8 +18,8 @@ CONFFILE="/etc/shadowsocks-libev/config.json"
 DAEMON_ARGS="-u"
 
 # User and group to run the server as
-USER=root
-GROUP=root
+USER=nobody
+GROUP=nogroup
 
 # Number of maximum file descriptors
 MAXFD=32768

debian/shadowsocks-libev.init

@@ -29,8 +29,8 @@ SCRIPTNAME=/etc/init.d/$NAME
 
 [ "$START" = "yes" ] || exit 0
 
-: ${USER:="root"}
-: ${GROUP:="root"}
+: ${USER:="nobody"}
+: ${GROUP:="nogroup"}
 
 # Load the VERBOSE setting and other rcS variables
 . /lib/init/vars.sh
@@ -55,9 +55,9 @@ do_start()
     #   0 if daemon has been started
     #   1 if daemon was already running
     #   2 if daemon could not be started
-    start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid root:$GROUP --exec $DAEMON --test > /dev/null \
+    start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON --test > /dev/null \
         || return 1
-    start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid root:$GROUP --exec $DAEMON -- \
+    start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON -- \
         -c "$CONFFILE" -a "$USER" -u -f $PIDFILE $DAEMON_ARGS \
         || return 2
 }

debian/shadowsocks-libev.service

@@ -16,7 +16,7 @@ After=network.target
 [Service]
 Type=simple
 EnvironmentFile=/etc/default/shadowsocks-libev
-User=root
+User=nobody
 LimitNOFILE=32768
 ExecStart=/usr/bin/ss-server -a $USER -c $CONFFILE $DAEMON_ARGS