run as jvb, not root

author: C0rn3j 2020-05-27 11:07:50 +0200
committer: C0rn3j 2020-05-27 11:07:50 +0200
commit: d217b84f536f923fd5b8d40fb0073197ca5d871a (patch)
tree: 9bcae3f7a6c9eb9d38c91e072192b329d0ac8b21 /jitsi-videobridge.service
parent: d051920b2e3ba52376628e087b827ef1306ce00a (diff)
download: aur-d217b84f536f923fd5b8d40fb0073197ca5d871a.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/jitsi-videobridge.service b/jitsi-videobridge.service
index 6e97d534a635..ae82918c0322 100644
--- a/jitsi-videobridge.service
+++ b/jitsi-videobridge.service
@@ -6,8 +6,23 @@ After=network-online.target
 [Service]
 Type=simple
 EnvironmentFile=/etc/jitsi/videobridge/jitsi-videobridge.conf
+User=jvb
 ExecStart=/usr/share/jitsi-videobridge/jvb.sh --host=${JVB_HOST} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS}
+WorkingDirectory=~
+StateDirectory=jitsi-videobridge
+StateDirectoryMode=0750
+LogsDirectory=jitsi-videobridge
+LogsDirectoryMode=0750
 Restart=on-failure
 
+# Hardening
+#NoNewPrivileges=yes
+#PrivateTmp=yes
+#PrivateDevices=yes
+#ProtectHome=yes
+#ProtectKernelTunables=yes
+#ProtectControlGroups=yes
+#ProtectSystem=strict
+
 [Install]
 WantedBy=multi-user.target
author	C0rn3j	2020-05-27 11:07:50 +0200
committer	C0rn3j	2020-05-27 11:07:50 +0200
commit	d217b84f536f923fd5b8d40fb0073197ca5d871a (patch)
tree	9bcae3f7a6c9eb9d38c91e072192b329d0ac8b21 /jitsi-videobridge.service
parent	d051920b2e3ba52376628e087b827ef1306ce00a (diff)
download	aur-d217b84f536f923fd5b8d40fb0073197ca5d871a.tar.gz