Greetings, Do folks use non-root users to own AF_INET sockets to limit root exposure in their systemd socket units?
Is it even a sensible question? Thanks for any commentary! FWIW, here is my .socket and .service units: ==> /etc/systemd/system/cdr-adjunct@.service <== [Unit] Description=Call Detail Record Adjunct Processor [Service] ExecStart=/opt/src/cdr-adjunct/python/cdr-adjunct.py StandardInput=socket User=phone ==> /etc/systemd/system/cdr-adjunct.socket <== [Unit] Description=Socket for Call Detail Record Adjunct Processor [Socket] ListenStream=9000 Accept=yes [Install] WantedBy=sockets.target Cheers! -m
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
