Increasing the security of the two systemd units #496
Comments
|
I don't know why, but the button to add files didn't work. I will post the files here: rustdesk-hbbr.service [Unit] [Service] [Install] rustdesk-hbbs.service [Unit] [Service] [Install] |
Is your feature request related to a problem? Please describe.
Rustdesk provides two systemd units (see https://github.com/rustdesk/rustdesk-server/tree/master/systemd). These two unit files offer much less security than would be possible.
Describe the solution you'd like
The Rustdesk services should not be started with root privileges. When installing the deb packages, a suitable user and group should be created, for example "rustdesk", and the access rights of the directories "/var/lib/rustdesk-server/" and "/var/log/rustdesk-server" should be set accordingly.
The changes mentioned under point 1 should be taken into account in the two systemd units (rustdesk-hbbr.service, rustdesk-hbbs.service). Furthermore, the execution environment of the services should be configured more restrictively in these files. You can see what the modified unit files might look like in the examples attached here.
Describe alternatives you've considered
Leave it as it is, but this weakens security IMHO
Additional context
Add any other context about the feature request here.
The text was updated successfully, but these errors were encountered: