refactor(linux): switch to DynamicUser=yes, drop install-time user creation
AUR installs never call `numa install` — PKGBUILD drops the unit straight into /usr/lib/systemd/system and the user runs `systemctl enable numa`. With User=numa the Rust installer's useradd code never fires there, breaking Arch out of the box. DynamicUser=yes sidesteps packaging entirely — systemd allocates a transient UID per start and remaps StateDirectory ownership (including legacy root-owned trees) automatically. Works on any modern systemd. Drops the ensure_numa_user_linux/chown helpers plus NUMA_USER; the unit file alone now captures the privilege-drop story.
This commit is contained in:
Razvan Dimescu
@@ -9,14 +9,14 @@ ExecStart={{exe_path}}
|
||||
Restart=always
|
||||
RestartSec=2
|
||||
|
||||
User=numa
|
||||
Group=numa
|
||||
# Transient system user per start; no PKGBUILD/sysusers setup required.
|
||||
# systemd remaps the StateDirectory ownership to the dynamic UID on each
|
||||
# launch, including legacy root-owned trees from pre-drop installs.
|
||||
DynamicUser=yes
|
||||
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
|
||||
# StateDirectory maps to crate::data_dir() default on Linux (/var/lib/numa).
|
||||
# systemd auto-creates + chowns on every start, fixing legacy root-owned trees.
|
||||
StateDirectory=numa
|
||||
StateDirectoryMode=0750
|
||||
ConfigurationDirectory=numa
|
||||
|
||||
Reference in New Issue
Block a user