Browse Source

debian/shadowsocks-libev.{default,init,service}: Run service as non-root

pull/1121/head
Roger Shimizu 7 years ago
committed by Max Lv
parent
commit
cc30c7b6eb
4 changed files with 12 additions and 12 deletions
  1. 5
      debian/control
  2. 4
      debian/shadowsocks-libev.default
  3. 10
      debian/shadowsocks-libev.init
  4. 5
      debian/shadowsocks-libev.service

5
debian/control

@ -26,11 +26,10 @@ Breaks:
Architecture: any Architecture: any
Depends: Depends:
apg, apg,
libcap2-bin [linux-any],
lsb-base (>= 3.0-6), lsb-base (>= 3.0-6),
${misc:Depends}, ${misc:Depends},
${shlibs:Depends},
Suggests:
libcap2-bin
${shlibs:Depends}
Description: lightweight and secure socks5 proxy Description: lightweight and secure socks5 proxy
Shadowsocks-libev is a lightweight and secure socks5 proxy for Shadowsocks-libev is a lightweight and secure socks5 proxy for
embedded devices and low end boxes. embedded devices and low end boxes.

4
debian/shadowsocks-libev.default

@ -18,8 +18,8 @@ CONFFILE="/etc/shadowsocks-libev/config.json"
DAEMON_ARGS="-u" DAEMON_ARGS="-u"
# User and group to run the server as # User and group to run the server as
USER=root
GROUP=root
USER=nobody
GROUP=nogroup
# Number of maximum file descriptors # Number of maximum file descriptors
MAXFD=32768 MAXFD=32768

10
debian/shadowsocks-libev.init

@ -29,8 +29,8 @@ SCRIPTNAME=/etc/init.d/$NAME
[ "$START" = "yes" ] || exit 0 [ "$START" = "yes" ] || exit 0
: ${USER:="root"}
: ${GROUP:="root"}
: ${USER:="nobody"}
: ${GROUP:="nogroup"}
# Load the VERBOSE setting and other rcS variables # Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh . /lib/init/vars.sh
@ -55,10 +55,10 @@ do_start()
# 0 if daemon has been started # 0 if daemon has been started
# 1 if daemon was already running # 1 if daemon was already running
# 2 if daemon could not be started # 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid root:$GROUP --exec $DAEMON --test > /dev/null \
start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON --test > /dev/null \
|| return 1 || return 1
start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid root:$GROUP --exec $DAEMON -- \
-c "$CONFFILE" -a "$USER" -u -f $PIDFILE $DAEMON_ARGS \
start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON -- \
-c "$CONFFILE" -u -f $PIDFILE $DAEMON_ARGS \
|| return 2 || return 2
} }

5
debian/shadowsocks-libev.service

@ -16,9 +16,10 @@ After=network.target
[Service] [Service]
Type=simple Type=simple
EnvironmentFile=/etc/default/shadowsocks-libev EnvironmentFile=/etc/default/shadowsocks-libev
User=root
User=nobody
Group=nogroup
LimitNOFILE=32768 LimitNOFILE=32768
ExecStart=/usr/bin/ss-server -a $USER -c $CONFFILE $DAEMON_ARGS
ExecStart=/usr/bin/ss-server -c $CONFFILE $DAEMON_ARGS
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

Loading…
Cancel
Save