From d6e9b9db4dc7c5847684cc180ac87793b4e8d8f8 Mon Sep 17 00:00:00 2001 From: Alex Palaistras Date: Sun, 19 Sep 2021 17:34:30 +0100 Subject: [PATCH] Run Prosody, LetsEncrypt as root This is until we figure out the permissions issues that are causing service failures. --- config/service/letsencrypt/Containerfile | 5 ----- config/service/prosody/Containerfile | 2 -- config/service/prosody/container/config/prosody.cfg.lua | 4 ++++ 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/config/service/letsencrypt/Containerfile b/config/service/letsencrypt/Containerfile index 4146ead..705222f 100644 --- a/config/service/letsencrypt/Containerfile +++ b/config/service/letsencrypt/Containerfile @@ -1,6 +1 @@ FROM docker.io/goacme/lego:v4.4.0 - -RUN addgroup --system --gid 10000 letsencrypt -RUN adduser --system --uid 10000 --ingroup letsencrypt --home /var/lib/letsencrypt letsencrypt - -USER letsencrypt diff --git a/config/service/prosody/Containerfile b/config/service/prosody/Containerfile index 841f6d4..3d6df96 100644 --- a/config/service/prosody/Containerfile +++ b/config/service/prosody/Containerfile @@ -19,7 +19,5 @@ RUN prosodyctl check config VOLUME /var/lib/prosody ENV __FLUSH_LOG yes -USER prosody EXPOSE 5222 5269 5280 5347 - ENTRYPOINT ["prosody"] diff --git a/config/service/prosody/container/config/prosody.cfg.lua b/config/service/prosody/container/config/prosody.cfg.lua index cfbfe0c..965fb12 100644 --- a/config/service/prosody/container/config/prosody.cfg.lua +++ b/config/service/prosody/container/config/prosody.cfg.lua 
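Review bot: Nothing in config/service/letsencrypt/Containerfile records that running as root is temporary; only the commit message says so. With the `addgroup`/`adduser`/`USER letsencrypt` lines gone, lego runs as uid 0, so anything it writes to its state directory will be root-owned, and restoring the `USER` line later will fail until those files are chowned back to uid 10000. I would leave a marker in the file, e.g. `# TODO: restore USER letsencrypt (uid 10000) once volume ownership is fixed`. The same applies to the removed `USER prosody` in config/service/prosody/Containerfile. If the original failures came from a mounted volume whose owner did not match the container uid (not visible in this patch), fixing ownership on the mount is a narrower change than dropping the user.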
@@ -25,6 +25,10 @@ admins = {} -- For more information see: https://prosody.im/doc/libevent use_libevent = true +-- Run Prosody under a restricted user and group, to prevent runaway permissions. +prosody_user = "prosody" +prosody_group = "prosody" + -- Prosody will always look in its source directory for modules, but -- this option allows you to specify additional locations where Prosody -- will look for modules first. For community modules, see https://modules.prosody.im/
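Review bot: The added comment says Prosody runs under a restricted user, but that holds only if the process the image starts actually acts on `prosody_user`/`prosody_group`. The Containerfile change in this patch drops `USER prosody` and keeps `ENTRYPOINT ["prosody"]`, so the daemon now starts as uid 0. As far as I know these two options are consulted by `prosodyctl` when it is launched as root, and nothing visible here shows the `prosody` binary switching user on them, so please confirm the effective uid of the process in a running container. If it stays root, the comment should say so, e.g. `-- NOTE: the container currently starts Prosody as root; confirm these options take effect.` The exposed ports (5222, 5269, 5280, 5347) are all above 1024, so root is not needed for binding.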