goocsp/docs/cacert-goocsp.service at f6089bac79c0856feb46198ca5f9e3b54df0c9fe - cacert/goocsp - code.cacert.org :: CAcert code hosting

cacert/goocsp

Jan Dittberner f6089bac79 Run service as separate user

- create user cacert-goocsp in postinst script
- use CAP_NET_BIND_SERVICE in systemd unit to allow binding to
  priviledged ports
- change config file path to /etc/goocsp/config.yaml

2022-10-11 19:39:03 +02:00

13 lines

347 B

Desktop File

Raw Blame History

 [Unit]
 Description=CAcert OCSP responder service
 After=network.target
 [Service]
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 ExecCondition=/bin/sh -c 'test -f /etc/goocsp/config.yaml'
 ExecStart=/usr/bin/cacert-goocsp -serverAddr ":80" -configFile /etc/goocsp/config.yaml
 StateDirectory=goocsp
 User=cacert-goocsp
 [Install]
 WantedBy=multi-user.target