mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-25 13:29:27 +01:00
suggest 0700 permissions for the role user homedir
This commit is contained in:
parent
8de7a0edbe
commit
dc4214a8ca
@ -180,7 +180,7 @@ The recommended way to operate oragono as a service on Linux is via systemd. Thi
|
||||
|
||||
The only major distribution that currently packages Oragono is Arch Linux; the aforementioned AUR package includes a systemd unit file. However, it should be fairly straightforward to set up a productionized Oragono on any Linux distribution. Here's a quickstart guide for Debian/Ubuntu:
|
||||
|
||||
1. Create a dedicated, unprivileged role user who will own the oragono process and all its associated files: `adduser --system --group oragono`. This user now has a home directory at `/home/oragono`.
|
||||
1. Create a dedicated, unprivileged role user who will own the oragono process and all its associated files: `adduser --system --group oragono`. This user now has a home directory at `/home/oragono`. To prevent other users from viewing Oragono's configuration file, database, and certificates, restrict the permissions on the home directory: `chmod 0700 /home/oragono`.
|
||||
1. Copy the executable binary `oragono`, the config file `ircd.yaml`, the database `ircd.db`, and the self-signed TLS certificate (`fullchain.pem` and `privkey.pem`) to `/home/oragono`. (If you don't have an `ircd.db`, it will be auto-created as `/home/oragono/ircd.db` on first launch.) Ensure that they are all owned by the new oragono role user: `sudo chown oragono:oragono /home/oragono/*`. Ensure that the configuration file logs to stderr.
|
||||
1. Install our example [oragono.service](https://github.com/oragono/oragono/blob/master/distrib/systemd/oragono.service) file to `/etc/systemd/system/oragono.service`.
|
||||
1. Enable and start the new service with the following commands:
|
||||
|
Loading…
Reference in New Issue
Block a user