nixos/mysql: run as mysql user and group
As we don't need to setup data directories from ExecStartPre= scripts anymore, which required root, but use systemd.tmpfiles.rules instead, everything can be run as just the mysql user.
This commit is contained in:
parent
25494cc193
commit
edd10c12f7
2 changed files with 13 additions and 0 deletions
|
@ -162,6 +162,17 @@
|
|||
which is linked to <literal>fr-toutesvariantes.{aff,dic}</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>mysql</literal> service now runs as <literal>mysql</literal>
|
||||
user. Previously, systemd did execute it as root, and mysql dropped privileges
|
||||
itself.
|
||||
This includes <literal>ExecStartPre=</literal> and
|
||||
<literal>ExecStartPost=</literal> phases.
|
||||
To accomplish that, runtime and data directory setup was delegated to
|
||||
RuntimeDirectory and tmpfiles.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
|
|
@ -326,6 +326,8 @@ in
|
|||
'';
|
||||
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = "mysql";
|
||||
Type = if hasNotify then "notify" else "simple";
|
||||
# /run/mysqld needs to be created in addition to pidDir, as they could point to different locations
|
||||
RuntimeDirectory = "mysqld";
|
||||
|
|
Loading…
Reference in a new issue