Creating system users


(Dan) #1

So more on trying to clean up my acme-dns module… Right now, I have the service running as root. Best practice for security would be to run as a non-privileged user, which is what the acme-dns docs recommend. It seems the simplest way to accomplish this is to simply run the adduser command in the %pre section of the .spec file–is there something I’m missing, either with CentOS/RHEL in general, or with Neth in particular, that would make this a bad idea?

The Fedora Wiki, at least, appears to endorse this, which may narrow the question to Neth.


(Davide Principi) #2

In the past I did the same for NethServer.

Let me find a code example…

https://github.com/search?l=RPM+Spec&q=org%3ANethServer+useradd&type=Code

useradd -r in %pre seems to be a common pattern.


(Dan) #3

Great, thanks for the confirmation. Updated acme-dns RPM is released, now built from source and running as an unprivileged user.