1
0
Fork 0
mirror of https://github.com/Sonarr/Sonarr synced 2024-12-23 00:07:07 +00:00

Updated Autostart on Debian (markdown)

schniederzero 2017-03-23 09:20:38 -05:00
parent 524749e4c4
commit 295e9e467e

@ -100,29 +100,32 @@ exit 0
**Security Note** **Security Note**
For security purposes, you can prevent this account from being logged into by editing the '/etc/passwd' entry for user nzbdrone and changing it to '/bin/false' or /usr/sbin/nologin'. I've also removed the password from '/etc/shadow'. From researching, these both appear to be the manual ways to perform the '--disable-login' and '--disable-password' while creating a new user. Alternatively, you can accomplish this same task by creating a user with the '--system' option. For security purposes, you can prevent this account from being logged into by editing the '/etc/passwd' entry for user nzbdrone and changing it to '/bin/false' or /usr/sbin/nologin'. I've also removed the password from '/etc/shadow'. From researching, these both appear to be the manual ways to perform the '--disable-login' and '--disable-password' while creating a new user. Alternatively, you can accomplish this same task by creating a user with the '--system' option. If You use the --system flag while creating a user, it will not have a home directory as listed below, so You may need to manually create one.
/etc/passwd 'nzbdrone:x:1001:1001:NzbDrone Sonarr Media:/home/nzbdrone:/bin/false' /etc/passwd 'nzbdrone:x:1001:1001:NzbDrone Sonarr Media:/home/nzbdrone:/bin/false'
/etc/shadow 'nzbdrone:*:17124:0:99999:7:::' /etc/shadow 'nzbdrone:*:17124:0:99999:7:::'
Utilizing the '/usr/sbin/nologin' option will output what's seen below, when attempting to change to that user from root. Utilizing the '/bin/false' option will output what's seen below, when attempting to change to that user from root.
su - nzbdrone su - nzbdrone
This account is currently not available. This account is currently not available.
Now, recursively edit the /opt/NzbDrone directory to only allow read, write and executable access to the directory owner and other users in the same group as this directory. Now, recursively edit the /opt/NzbDrone directory, and the home directory, to only allow read, write and executable access to the directory owner and other users in the same group as this directory.
chmod 770 /opt/NzbDrone -R chmod 770 /opt/NzbDrone -R
chmod 770 /home/nzbdrone -R
Add the directory to the group 'nzbdrone' and modify the owner to 'nzbdrone' Add the directories to the group 'nzbdrone' and modify the owner to 'nzbdrone'
chown nzbdrone:nzbdrone /opt/NzbDrone -R chown nzbdrone:nzbdrone /opt/NzbDrone -R
chown nzbdrone:nzbdrone /home/nzbdrone -R
If all is well, you should see the following outputs. If all is well, you should see the following outputs.
ls -ld /opt/NzbDrone/ ls -ld /opt/NzbDrone/
drwxrwx--- 4 nzbdrone nzbdrone 4096 Nov 23 17:31 /opt/NzbDrone/ drwxrwx--- 4 nzbdrone nzbdrone 4096 Nov 23 17:31 /opt/NzbDrone/
ls -ld /home/sabnzbd
drwxrwx--- 4 nzbdrone nzbdrone 4096 Nov 23 17:36 /home/nzbdrone
ls -la /opt/NzbDrone/NzbDrone.exe ls -la /opt/NzbDrone/NzbDrone.exe
-rwxrwx--- 1 nzbdrone nzbdrone 23552 Nov 6 13:05 /opt/NzbDrone/NzbDrone.exe -rwxrwx--- 1 nzbdrone nzbdrone 23552 Nov 6 13:05 /opt/NzbDrone/NzbDrone.exe