
Make ntfy run as ntfy user/group, closes #38

Philipp Heckel 3 years ago
parent
commit
9a56c24dbe
6 changed files with 28 additions and 3 deletions
  1. 2 0
      .goreleaser.yml
  2. 1 1
      Makefile
  3. 3 0
      config/config.yml
  4. 3 0
      config/ntfy.service
  5. 15 0
      scripts/postinst.sh
  6. 4 2
      scripts/postrm.sh

+ 2 - 0
.goreleaser.yml

@@ -52,6 +52,8 @@ nfpms:
         type: config
       - src: config/ntfy.service
         dst: /lib/systemd/system/ntfy.service
+      - dst: /var/cache/ntfy
+        type: dir
     scripts:
       postinstall: "scripts/postinst.sh"
       preremove: "scripts/prerm.sh"
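Review bot: The new `/var/cache/ntfy` entry carries no `file_info`, so dpkg unpacks the directory root-owned with its default mode and ownership is left entirely to postinst, whose `chown`/`chmod` only run under `configure` when `/run/systemd/system` exists. nfpm's `file_info` (`owner`, `group`, `mode`) could at least fix the mode at packaging time, but `owner: ntfy` would only work if the account existed at unpack time, and this commit creates it in postinst rather than preinst. A comment on the entry would save the next reader that detour, for example `# mode/ownership are applied in scripts/postinst.sh; the ntfy user does not exist yet at unpack time`.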

+ 1 - 1
Makefile

@@ -143,4 +143,4 @@ install:
 install-deb:
 	sudo systemctl stop ntfy || true
 	sudo apt-get purge ntfy || true
-	sudo dpkg -i dist/*.deb
+	sudo dpkg -i dist/ntfy_*_linux_amd64.deb
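Review bot: The new glob hard-codes `amd64`, so `make install-deb` on any other host architecture installs nothing or the wrong package, and it still matches every version left in `dist/`. Deriving the architecture from the host, `sudo dpkg -i dist/ntfy_*_linux_$$(dpkg --print-architecture).deb`, keeps the target usable on arm builds; a stale-version collision is best handled by cleaning `dist/` first. The `install-deb` rule is not listed in any `.PHONY` line visible here — if it is not declared elsewhere in the Makefile it should be.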

+ 3 - 0
config/config.yml

@@ -28,6 +28,9 @@
 # If set, messages are cached in a local SQLite database instead of only in-memory. This
 # allows for service restarts without losing messages in support of the since= parameter.
 #
+# Note: If you are running ntfy with systemd, make sure this cache file is owned by the
+#       ntfy user and group by running: chown ntfy.ntfy <filename>.
+#
 # cache-file: <filename>
 
 # Duration for which messages will be buffered before they are deleted.
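Review bot: The new note is incomplete for an SQLite-backed cache: SQLite normally writes journal/WAL sidecar files next to the database, so the directory holding `cache-file` must be writable by the ntfy user as well, not just the file itself — `/var/cache/ntfy`, which this commit creates and chowns, is the natural place to point users to. `chown ntfy.ntfy` also uses the legacy dot separator; `chown ntfy:ntfy` is the form documented by coreutils and POSIX. Suggested wording: `# Note: If you are running ntfy with systemd, the cache file and its directory must be writable by the ntfy user, e.g. place it under /var/cache/ntfy or run: chown ntfy:ntfy <filename>`.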

+ 3 - 0
config/ntfy.service

@@ -3,8 +3,11 @@ Description=ntfy server
 After=network.target
 
 [Service]
+User=ntfy
+Group=ntfy
 ExecStart=/usr/bin/ntfy
 Restart=on-failure
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 LimitNOFILE=10000
 
 [Install]
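Review bot: `User=ntfy` plus `AmbientCapabilities=CAP_NET_BIND_SERVICE` drops root, but nothing in the unit stops the process from regaining privileges through a setuid binary or confines it to the paths it needs; `NoNewPrivileges=yes` and `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` keep it to the one capability that was granted, and `ProtectSystem=strict` with `ReadWritePaths=` covering the cache location, `ProtectHome=yes` and `PrivateTmp=yes` are the usual companions. `CacheDirectory=ntfy` would additionally make systemd create `/var/cache/ntfy` owned by the service user at start, which is what the `chown`/`chmod` in `scripts/postinst.sh` currently do by hand. Note that `ProtectSystem=strict` must be paired with a `ReadWritePaths=` that includes wherever `cache-file` points, or a relocated cache will fail with a permission error. Lines to add under `[Service]`: `CacheDirectory=ntfy`, `NoNewPrivileges=yes`, `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`.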

+ 15 - 0
scripts/postinst.sh

@@ -7,6 +7,21 @@ set -e
 # TODO: This is only tested on Debian.
 #
 if [ "$1" = "configure" ] && [ -d /run/systemd/system ]; then
+  # Create ntfy user/group
+  id ntfy >/dev/null 2>&1 || useradd --system --no-create-home ntfy
+  chown ntfy.ntfy /var/cache/ntfy
+  chmod 700 /var/cache/ntfy
+
+  # Hack to change permissions on cache file
+  configfile="/etc/ntfy/config.yml"
+  if [ -f "$configfile" ]; then
+    cachefile="$(cat "$configfile" | perl -n -e'/^\s*cache-file: (.+)/ && print $1')"
+    if [ -n "$cachefile" ]; then
+      chown ntfy.ntfy "$cachefile" || true
+    fi
+  fi
+
+  # Restart service
   systemctl --system daemon-reload >/dev/null || true
   if systemctl is-active -q ntfy.service; then
     echo "Restarting ntfy.service ..."
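Review bot: `useradd --system --no-create-home ntfy` leaves the service account with the distribution's default login shell and a home of `/home/ntfy`; a daemon account should be created with `useradd --system --no-create-home --shell /usr/sbin/nologin --home-dir /var/cache/ntfy ntfy` so it cannot be used interactively, and on Debian `useradd` will fail (aborting the install under `set -e`) if a group named `ntfy` already exists without the user, which the `id ntfy` guard does not detect. The cache-file extraction breaks on quoted YAML values (`cache-file: "/var/cache/ntfy/cache.db"` captures the quotes) and `chown ... || true` then hides the failure, as it also does when the file has not been created yet; a `[ -e "$cachefile" ]` check with an `echo` warning otherwise keeps that path visible, and `chown ntfy:ntfy` is the non-legacy separator form (here and on the `/var/cache/ntfy` line). `cat "$configfile" | perl -n -e '...'` can simply be `perl -ne '...' "$configfile"`. The enclosing `if` block continues past the end of the hunk.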

+ 4 - 2
scripts/postrm.sh

@@ -3,6 +3,8 @@ set -e
 
 # Delete the config if package is purged
 if [ "$1" = "purge" ]; then
-  echo "Deleting /etc/ntfy ..."
-  rm -rf /etc/ntfy || true
+  id ntfy >/dev/null 2>&1 && userdel ntfy
+  rm -f /etc/ntfy/config.yml
+  rmdir /etc/ntfy || true
 fi
+
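Review bot: Purge deletes the account but not `/var/cache/ntfy`, which the package now ships and postinst chowns to ntfy, so after `userdel` its contents remain owned by a numeric uid the system may later hand to an unrelated account; removing it before the account, `rm -rf /var/cache/ntfy`, avoids that (a relocated `cache-file` cannot be known here and would need an admin note). Under `set -e`, a failing `userdel` — e.g. a process still running as ntfy — aborts the script before `/etc/ntfy/config.yml` is removed, so `id ntfy >/dev/null 2>&1 && userdel ntfy || true` or an explicit `if` keeps the purge complete. Whether `userdel` also removes the `ntfy` group depends on login.defs (`USERGROUPS_ENAB`); if not, a `groupdel ntfy || true` is needed to avoid leaving the group behind.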