beenull/sftpgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

systemd unit: run as "sftpgo" system user

Browse source 
Update the docs too

Fixes #177
This commit is contained in:
Nicola Murino 2020-09-25 18:23:04 +02:00
parent b23276c002
commit 4ebedace1e
4 changed files with 30 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
docs/howto/postgresql-s3.md
View file

@ -204,34 +204,12 @@ $ sftpgo initprovider -c /etc/sftpgo
## Install SFTPGo systemd service ## Install SFTPGo systemd service
Create the systemd service file `/etc/systemd/system/sftpgo.service` with the following content: Copy the systemd service file.
```shell ```shell
[Unit] sudo install -Dm644 init/sftpgo.service /etc/systemd/system
Description=SFTPGo Server
After=network.target postgresql.service
[Service]
User=sftpgo
Group=sftpgo
Type=simple
WorkingDirectory=/etc/sftpgo
Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/
Environment=SFTPGO_LOG_FILE_PATH=
EnvironmentFile=-/etc/sftpgo/sftpgo.env
ExecStart=/usr/bin/sftpgo serve
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
PrivateTmp=true
Restart=always
RestartSec=10s
[Install]
WantedBy=multi-user.target
``` ```
This way SFTPGo will run using the dedicated `sftpgo` user and the service will start after PostgreSQL.
Next, start the SFTPGo service and add it to the system boot. Next, start the SFTPGo service and add it to the system boot.
```shell ```shell

23
docs/service.md
View file

@ -1,12 +1,25 @@
# Running SFTPGo as a service # Running SFTPGo as a service
Download a binary SFTPGo [release](https://github.com/drakkan/sftpgo/releases) or a build artifact for the [latest commit](https://github.com/drakkan/sftpgo/actions) or build SFTPGo yourself.
Run the following instructions from the directory that contains the sftpgo binary and the accompanying files.
## Linux ## Linux
For Linux, a `systemd` sample [service](../init/sftpgo.service "systemd service") can be found inside the source tree. For Linux, a `systemd` sample [service](../init/sftpgo.service "systemd service") can be found inside the source tree.
Here are some basic instructions to run SFTPGo as service, please run the following commands from the directory where you downloaded SFTPGo: Here are some basic instructions to run SFTPGo as service using a dedicated `sftpgo` system account, please run the following commands from the directory where you downloaded SFTPGo:
```bash ```bash
# create the sftpgo user and group
sudo groupadd --system sftpgo
sudo useradd --system \
--gid sftpgo \
--no-create-home \
--home-dir /var/lib/sftpgo \
--shell /usr/sbin/nologin \
--comment "SFTPGo user" \
sftpgo
# create the required directories # create the required directories
sudo mkdir -p /etc/sftpgo \ sudo mkdir -p /etc/sftpgo \
/var/lib/sftpgo \ /var/lib/sftpgo \
@ -23,11 +36,17 @@ sudo sh -c 'echo "SFTPGO_HTTPD__BACKUPS_PATH=/var/lib/sftpgo/backups" >> /etc/sf
sudo sh -c 'echo "SFTPGO_DATA_PROVIDER__CREDENTIALS_PATH=/var/lib/sftpgo/credentials" >> /etc/sftpgo/sftpgo.env' sudo sh -c 'echo "SFTPGO_DATA_PROVIDER__CREDENTIALS_PATH=/var/lib/sftpgo/credentials" >> /etc/sftpgo/sftpgo.env'
# if you use a file based data provider such as sqlite or bolt consider to set the database path too, for example: # if you use a file based data provider such as sqlite or bolt consider to set the database path too, for example:
#sudo sh -c 'echo "SFTPGO_DATA_PROVIDER__NAME=/var/lib/sftpgo/sftpgo.db" >> /etc/sftpgo/sftpgo.env' #sudo sh -c 'echo "SFTPGO_DATA_PROVIDER__NAME=/var/lib/sftpgo/sftpgo.db" >> /etc/sftpgo/sftpgo.env'
# also set the provider's PATH as env var to get initprovider to work with SQLite provider:
#export SFTPGO_DATA_PROVIDER__NAME=/var/lib/sftpgo/sftpgo.db
# install static files and templates for the web UI # install static files and templates for the web UI
sudo cp -r static templates /usr/share/sftpgo/ sudo cp -r static templates /usr/share/sftpgo/
# set files and directory permissions
sudo chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo
sudo chmod 750 /etc/sftpgo /var/lib/sftpgo
sudo chmod 640 /etc/sftpgo/sftpgo.json /etc/sftpgo/sftpgo.env
# initialize the configured data provider # initialize the configured data provider
# if you want to use MySQL or PostgreSQL you need to create the configured database before running the initprovider command # if you want to use MySQL or PostgreSQL you need to create the configured database before running the initprovider command
sudo /usr/bin/sftpgo initprovider -c /etc/sftpgo/ sudo -E su - sftpgo -m -s /bin/bash -c 'sftpgo initprovider -c /etc/sftpgo'
# install the systemd service # install the systemd service
sudo install -Dm644 init/sftpgo.service /etc/systemd/system sudo install -Dm644 init/sftpgo.service /etc/systemd/system
# start the service # start the service

4
init/sftpgo.service
View file

@ -3,8 +3,8 @@ Description=SFTPGo Server
After=network.target After=network.target
[Service] [Service]
User=root User=sftpgo
Group=root Group=sftpgo
Type=simple Type=simple
WorkingDirectory=/etc/sftpgo WorkingDirectory=/etc/sftpgo
Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/ Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/

5
sftpd/sftpd_test.go
View file

@ -906,6 +906,11 @@ func TestEscapeHomeDir(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
_, err := client.ReadDir(testDir) _, err := client.ReadDir(testDir)
assert.Error(t, err, "reading a symbolic link outside home dir should not succeeded") assert.Error(t, err, "reading a symbolic link outside home dir should not succeeded")
err = client.Chmod(path.Join(testDir, "sub", "dir"), os.ModePerm)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "SSH_FX_FAILURE")
}
assert.Error(t, err, "setstat on a file outside home dir must fail")
testFilePath := filepath.Join(homeBasePath, testFileName) testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535) testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize) err = createTestFile(testFilePath, testFileSize)