
Let systemd create directories

Open gchamp20 opened this issue 4 months ago • 0 comments

Context

Manually creating directories conflicts with systemd service hardening features. Particularly, ProtectSystem=strict mounts the filesystem as read-only for the processes started by the unit, which leads to mkdir failing.

By setting User=mosquitto and adding RuntimeDirectory and LogsDirectory, systemd creates /run/mosquitto and /var/log/mosquitto with the right permissions even when ProtectSystem=strict is used.

Adding User=mosquitto also has the side effect of running the daemon as the user mosquitto. I

Checklist

  • [X] Have you signed the Eclipse Contributor Agreement, using the same email address as you used in your commits? https://accounts.eclipse.org/users/gchamp20, submitted, appears to be pending? I can still re-submit but I now get an error.

  • [X] Do each of your commits have a "Signed-off-by" line, with the correct email address? Use "git commit -s" to generate this line for you.

  • [X] If you are contributing a new feature, is your work based off the develop branch?

  • [ ] If you are contributing a bugfix, is your work based off the fixes branch?

  • [X] Have you added an explanation of what your changes do and why you'd like us to include them?

  • [X] Have you successfully run make test with your changes locally?

gchamp20, Oct 04 '24 20:10
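The unit settings described in the post above, sketched as an added example; this is not the contents of the pull request or the project's shipped unit file. The ExecStart path, the commented-out "before" lines and the persistence path in the closing comment are assumptions for illustration.

```ini
# Constructed [Service] section for illustration only.
[Service]
# Assumed binary and config paths; adjust to the local install.
ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf

# Before (assumed form of "manually creating directories"): these run
# inside the unit's mount namespace, so with ProtectSystem=strict the
# mkdir hits a read-only filesystem and the unit fails to start.
# ExecStartPre=/bin/mkdir -p /run/mosquitto /var/log/mosquitto
# ExecStartPre=/bin/chown mosquitto /run/mosquitto /var/log/mosquitto

# After: systemd creates the directories itself, owned by User=,
# and keeps them writable for the service.
User=mosquitto

# Relative to /run, so this is /run/mosquitto; removed when the unit stops.
RuntimeDirectory=mosquitto

# Relative to /var/log, so this is /var/log/mosquitto; kept across restarts.
LogsDirectory=mosquitto

# Everything except /dev, /proc and /sys is read-only for the service,
# apart from the directories systemd set up above.
ProtectSystem=strict

# Caveat: any other path the broker writes to stays read-only. If
# persistence is enabled (assumed location /var/lib/mosquitto), it needs
# its own StateDirectory=mosquitto or a ReadWritePaths= entry.
```

After `systemctl daemon-reload` and a restart, `systemctl show mosquitto.service -p User -p RuntimeDirectory -p LogsDirectory -p ProtectSystem` confirms the effective values, and `systemd-analyze security mosquitto.service` reports the remaining exposure.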