diff options
| author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-12-05 21:16:39 +0100 |
|---|---|---|
| committer | Simon Weber <sweber2342@gmail.com> | 2021-12-06 18:30:01 +0100 |
| commit | 96d69e40f24409758a8effc70027285b79d8846b (patch) | |
| tree | 2112fdd765c751897f2d66f0272d405b0f84a51d /nixos | |
| parent | f277b0945ea9c7759d222148e360532d253d2d46 (diff) | |
nixos/zigbee2mqtt: run as zigbee2mqtt group
Not setting a group is a security defect, since that will run the unit
under the root group.
Fixes: 1af87596 ("nixos/zigbee2mqtt: init")
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/misc/zigbee2mqtt.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/misc/zigbee2mqtt.nix b/nixos/modules/services/misc/zigbee2mqtt.nix index 94b68a13beac9..ff6d595e5a6e3 100644 --- a/nixos/modules/services/misc/zigbee2mqtt.nix +++ b/nixos/modules/services/misc/zigbee2mqtt.nix @@ -79,6 +79,7 @@ in serviceConfig = { ExecStart = "${cfg.package}/bin/zigbee2mqtt"; User = "zigbee2mqtt"; + Group = "zigbee2mqtt"; WorkingDirectory = cfg.dataDir; Restart = "on-failure"; |