From 826b6004a06534deb7e9ee3c26e9eec2d96731fc Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Wed, 30 Oct 2013 11:43:14 +0100
Subject: use unprivileged user to run services

---
 systemd/pacdbserve.service | 2 ++
 systemd/pacredir.service   | 2 ++
 systemd/pacserve.service   | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/systemd/pacdbserve.service b/systemd/pacdbserve.service
index c599af0..aebd368 100644
--- a/systemd/pacdbserve.service
+++ b/systemd/pacdbserve.service
@@ -3,6 +3,8 @@ Description=Darkhttpd to serve pacman db files
 After=network.target
 
 [Service]
+User=nobody
+Group=nobody
 ExecStart=/usr/bin/darkhttpd /var/lib/pacman/sync/ --port 7079
 
 [Install]
diff --git a/systemd/pacredir.service b/systemd/pacredir.service
index 5c4c1ba..c816cef 100644
--- a/systemd/pacredir.service
+++ b/systemd/pacredir.service
@@ -3,6 +3,8 @@ Description=Redirect pacman requests via avahi service
 Requires=avahi-daemon.service
 
 [Service]
+User=nobody
+Group=nobody
 ExecStart=/usr/bin/pacredir
 
 [Install]
diff --git a/systemd/pacserve.service b/systemd/pacserve.service
index 76bdc77..74db6ef 100644
--- a/systemd/pacserve.service
+++ b/systemd/pacserve.service
@@ -3,6 +3,8 @@ Description=Darkhttpd to serve pacman cache
 After=network.target
 
 [Service]
+User=nobody
+Group=nobody
 ExecStart=/usr/bin/darkhttpd /var/cache/pacman/pkg/ --port 7078
 
 [Install]
-- 
cgit v1.2.3-54-g00ecf