From 295e9e467e2a015caf01ac146e44f93bb326b90c Mon Sep 17 00:00:00 2001 From: schniederzero Date: Thu, 23 Mar 2017 09:20:38 -0500 Subject: [PATCH] Updated Autostart on Debian (markdown) --- Autostart-on-Debian.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/Autostart-on-Debian.md b/Autostart-on-Debian.md index e72a41a..89e9aee 100644 --- a/Autostart-on-Debian.md +++ b/Autostart-on-Debian.md @@ -100,29 +100,32 @@ exit 0 **Security Note** -For security purposes, you can prevent this account from being logged into by editing the '/etc/passwd' entry for user nzbdrone and changing it to '/bin/false' or /usr/sbin/nologin'. I've also removed the password from '/etc/shadow'. From researching, these both appear to be the manual ways to perform the '--disable-login' and '--disable-password' while creating a new user. Alternatively, you can accomplish this same task by creating a user with the '--system' option. +For security purposes, you can prevent this account from being logged into by editing the '/etc/passwd' entry for user nzbdrone and changing it to '/bin/false' or /usr/sbin/nologin'. I've also removed the password from '/etc/shadow'. From researching, these both appear to be the manual ways to perform the '--disable-login' and '--disable-password' while creating a new user. Alternatively, you can accomplish this same task by creating a user with the '--system' option. If You use the --system flag while creating a user, it will not have a home directory as listed below, so You may need to manually create one. /etc/passwd 'nzbdrone:x:1001:1001:NzbDrone Sonarr Media:/home/nzbdrone:/bin/false' /etc/shadow 'nzbdrone:*:17124:0:99999:7:::' -Utilizing the '/usr/sbin/nologin' option will output what's seen below, when attempting to change to that user from root. +Utilizing the '/bin/false' option will output what's seen below, when attempting to change to that user from root. su - nzbdrone This account is currently not available. -Now, recursively edit the /opt/NzbDrone directory to only allow read, write and executable access to the directory owner and other users in the same group as this directory. +Now, recursively edit the /opt/NzbDrone directory, and the home directory, to only allow read, write and executable access to the directory owner and other users in the same group as this directory. chmod 770 /opt/NzbDrone -R + chmod 770 /home/nzbdrone -R -Add the directory to the group 'nzbdrone' and modify the owner to 'nzbdrone' +Add the directories to the group 'nzbdrone' and modify the owner to 'nzbdrone' chown nzbdrone:nzbdrone /opt/NzbDrone -R + chown nzbdrone:nzbdrone /home/nzbdrone -R If all is well, you should see the following outputs. ls -ld /opt/NzbDrone/ drwxrwx--- 4 nzbdrone nzbdrone 4096 Nov 23 17:31 /opt/NzbDrone/ - + ls -ld /home/sabnzbd + drwxrwx--- 4 nzbdrone nzbdrone 4096 Nov 23 17:36 /home/nzbdrone ls -la /opt/NzbDrone/NzbDrone.exe -rwxrwx--- 1 nzbdrone nzbdrone 23552 Nov 6 13:05 /opt/NzbDrone/NzbDrone.exe