beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-21 15:10:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

systemd unit: run as "sftpgo" system user

Browse source 
Update the docs too

Fixes #177
This commit is contained in:
Nicola Murino 2020-09-25 18:23:04 +02:00
parent b23276c002
commit 4ebedace1e
4 changed files with 30 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
docs/howto/postgresql-s3.md
View file

@ -204,34 +204,12 @@ $ sftpgo initprovider -c /etc/sftpgo
## Install SFTPGo systemd service
Create the systemd service file `/etc/systemd/system/sftpgo.service` with the following content:
Copy the systemd service file.
```shell
[Unit]
Description=SFTPGo Server
After=network.target postgresql.service
[Service]
User=sftpgo
Group=sftpgo
Type=simple
WorkingDirectory=/etc/sftpgo
Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/
Environment=SFTPGO_LOG_FILE_PATH=
EnvironmentFile=-/etc/sftpgo/sftpgo.env
ExecStart=/usr/bin/sftpgo serve
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
PrivateTmp=true
Restart=always
RestartSec=10s
[Install]
WantedBy=multi-user.target
sudo install -Dm644 init/sftpgo.service /etc/systemd/system
```
This way SFTPGo will run using the dedicated `sftpgo` user and the service will start after PostgreSQL.
Next, start the SFTPGo service and add it to the system boot.
```shell

23
docs/service.md
View file

@ -1,12 +1,25 @@
# Running SFTPGo as a service
Download a binary SFTPGo [release](https://github.com/drakkan/sftpgo/releases) or a build artifact for the [latest commit](https://github.com/drakkan/sftpgo/actions) or build SFTPGo yourself.
Run the following instructions from the directory that contains the sftpgo binary and the accompanying files.
## Linux
For Linux, a `systemd` sample [service](../init/sftpgo.service "systemd service") can be found inside the source tree.
Here are some basic instructions to run SFTPGo as service, please run the following commands from the directory where you downloaded SFTPGo:
Here are some basic instructions to run SFTPGo as service using a dedicated `sftpgo` system account, please run the following commands from the directory where you downloaded SFTPGo:
```bash
# create the sftpgo user and group
sudo groupadd --system sftpgo
sudo useradd --system \
--gid sftpgo \
--no-create-home \
--home-dir /var/lib/sftpgo \
--shell /usr/sbin/nologin \
--comment "SFTPGo user" \
sftpgo
# create the required directories
sudo mkdir -p /etc/sftpgo \
/var/lib/sftpgo \
@ -23,11 +36,17 @@ sudo sh -c 'echo "SFTPGO_HTTPD__BACKUPS_PATH=/var/lib/sftpgo/backups" >> /etc/sf
sudo sh -c 'echo "SFTPGO_DATA_PROVIDER__CREDENTIALS_PATH=/var/lib/sftpgo/credentials" >> /etc/sftpgo/sftpgo.env'
# if you use a file based data provider such as sqlite or bolt consider to set the database path too, for example:
#sudo sh -c 'echo "SFTPGO_DATA_PROVIDER__NAME=/var/lib/sftpgo/sftpgo.db" >> /etc/sftpgo/sftpgo.env'
# also set the provider's PATH as env var to get initprovider to work with SQLite provider:
#export SFTPGO_DATA_PROVIDER__NAME=/var/lib/sftpgo/sftpgo.db
# install static files and templates for the web UI
sudo cp -r static templates /usr/share/sftpgo/
# set files and directory permissions
sudo chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo
sudo chmod 750 /etc/sftpgo /var/lib/sftpgo
sudo chmod 640 /etc/sftpgo/sftpgo.json /etc/sftpgo/sftpgo.env
# initialize the configured data provider
# if you want to use MySQL or PostgreSQL you need to create the configured database before running the initprovider command
sudo /usr/bin/sftpgo initprovider -c /etc/sftpgo/
sudo -E su - sftpgo -m -s /bin/bash -c 'sftpgo initprovider -c /etc/sftpgo'
# install the systemd service
sudo install -Dm644 init/sftpgo.service /etc/systemd/system
# start the service

4
init/sftpgo.service
View file

@ -3,8 +3,8 @@ Description=SFTPGo Server
After=network.target
[Service]
User=root
Group=root
User=sftpgo
Group=sftpgo
Type=simple
WorkingDirectory=/etc/sftpgo
Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/

5
sftpd/sftpd_test.go
View file

@ -906,6 +906,11 @@ func TestEscapeHomeDir(t *testing.T) {
assert.NoError(t, err)
_, err := client.ReadDir(testDir)
assert.Error(t, err, "reading a symbolic link outside home dir should not succeeded")
err = client.Chmod(path.Join(testDir, "sub", "dir"), os.ModePerm)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "SSH_FX_FAILURE")
}
assert.Error(t, err, "setstat on a file outside home dir must fail")
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)