mirror of
https://github.com/foxcpp/maddy.git
synced 2025-04-04 05:37:34 +03:00
Make it easier to avoid permission issues when setting up maddy
1. Clarify that you need to manually create the user and group when building from source. ./build.sh does not do that since it is a packaging tool, not system configuration one. 2. Do not require "go" command to be present when running ./build.sh install. go installation may be user-specific and unavailable when running with sudo. 3. Ease UMask restrictions. Allow group access. This allows CLI commands to be run by any user in maddy group. See #569.
This commit is contained in:
parent
a2f8916183
commit
28bdf6d33f
5 changed files with 32 additions and 12 deletions
5
dist/systemd/maddy.service
vendored
5
dist/systemd/maddy.service
vendored
|
@ -54,8 +54,9 @@ KillSignal=SIGTERM
|
|||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
|
||||
# Force all files created by maddy to be only readable by it.
|
||||
UMask=0027
|
||||
# Force all files created by maddy to be only readable by it
|
||||
# and maddy group.
|
||||
UMask=0007
|
||||
|
||||
# Bump FD limitations. Even idle mail server can have a lot of FDs open (think
|
||||
# of idle IMAP connections, especially ones abandoned on the other end and
|
||||
|
|
5
dist/systemd/maddy@.service
vendored
5
dist/systemd/maddy@.service
vendored
|
@ -50,8 +50,9 @@ KillSignal=SIGTERM
|
|||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
|
||||
# Force all files created by maddy to be only readable by it.
|
||||
UMask=0027
|
||||
# Force all files created by maddy to be only readable by it and
|
||||
# maddy group.
|
||||
UMask=0007
|
||||
|
||||
# Bump FD limitations. Even idle mail server can have a lot of FDs open (think
|
||||
# of idle IMAP connections, especially ones abandoned on the other end and
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue