search

m13253 / dns-over-https

High performance DNS over HTTPS client & server
https://developers.google.com/speed/public-dns/docs/dns-over-https
MIT License
1.96k stars 221 forks source link

Systemd user nobody #139

Closed omgold closed 1 year ago

omgold commented 1 year ago

The systemd units set the user to nobody. As this not advisable for security reasons, system produces annoying warnings

Okt 06 09:58:58 systemd[1]: [🡕] /usr/lib/systemd/system/doh-client.service:15: Special user nobody configured, this is not safe!

My suggestion would be to user DynamicUser=yes instead of User=nobody

m13253 commented 1 year ago

I am good with this change. Have you checked whether the change introduces new bugs? (Especially permission related ones.)

omgold commented 1 year ago

Well, it works for me, and journal doesn't produce any messages. So I guess it is okay.

m13253 commented 1 year ago

I'm going to merge PR #140 in 2–3 days. Anyone who is actively using dns-over-https with systemd can help me test this change.

vinnyperella commented 1 year ago

I just added it to my instance and it seems to be fine so far.