You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm currently submitting this package for nixos ( see PR ) and one comment was raised that it would be better to run the service as DynamicUser and give it the permissions it needs through CapabilityBoundingSet which would make it more secure.
I believe that for this to work, it would need the main script to test write permission on the targeted files instead of checking if the user is root.
The text was updated successfully, but these errors were encountered:
I'm currently submitting this package for nixos ( see PR ) and one comment was raised that it would be better to run the service as
DynamicUserand give it the permissions it needs throughCapabilityBoundingSetwhich would make it more secure.I believe that for this to work, it would need the main script to test write permission on the targeted files instead of checking if the user is root.
The text was updated successfully, but these errors were encountered: