postgrest-docs icon indicating copy to clipboard operation
postgrest-docs copied to clipboard
verified publisher icon PostgREST

Question about Daemonizing

Open H20-17 opened this issue 5 years ago • 1 comments

I'm reading the docs on Demonizing.

In the docs it says to create a systemd service file as follows:

[Unit]
Description=REST API for any Postgres database
After=postgresql.service

[Service]
ExecStart=/bin/postgrest /etc/postgrest/config
ExecReload=/bin/kill -SIGUSR1 $MAINPID

[Install]
WantedBy=multi-user.target

Why aren't we told to add a line like

User = postgrest_authenticator_user

in the [Service] section?

That way we would be running postgrest as a different user from root. Wouldn't that be preferable from a security stand point?

H20-17 avatar Jan 24 '20 21:01 H20-17

The service file was meant to be basic/simple. But sure, a specific user can be recommended. Perhaps mention it as a comment in the file or a note in the docs.

I'll move the issue to docs, would be great if you can contribute a PR with this addition.

steve-chavez avatar Jan 26 '20 04:01 steve-chavez

The current example for systemd already has a USER= line.

wolfgangwalther avatar Feb 18 '24 13:02 wolfgangwalther