sbonazzo / rpms / cyrus-sasl

Forked from rpms/cyrus-sasl 2 years ago
Clone

Blame SOURCES/cyrus-sasl-2.1.26-saslauthd-user.patch

b9abc1
diff --git a/saslauthd/saslauthd.mdoc b/saslauthd/saslauthd.mdoc
b9abc1
index 37c6f6e..5b635ab 100644
b9abc1
--- a/saslauthd/saslauthd.mdoc
b9abc1
+++ b/saslauthd/saslauthd.mdoc
b9abc1
@@ -44,7 +44,27 @@ multi-user mode. When running against a protected authentication
b9abc1
 database (e.g. the
b9abc1
 .Li shadow
b9abc1
 mechanism),
b9abc1
-it must be run as the superuser.
b9abc1
+it must be run as the superuser. Otherwise it is recommended to run
b9abc1
+daemon unprivileged as saslauth:saslauth. You can do so by following
b9abc1
+these steps:
b9abc1
+.Bl -enum -compact
b9abc1
+.It
b9abc1
+create directory
b9abc1
+.Pa /etc/systemd/system/saslauthd.service.d/
b9abc1
+.It
b9abc1
+create file
b9abc1
+.Pa /etc/systemd/system/saslauthd.service.d/user.conf
b9abc1
+with content
b9abc1
+.Bd -literal
b9abc1
+[Service]
b9abc1
+User=saslauth
b9abc1
+Group=saslauth
b9abc1
+
b9abc1
+.Ed
b9abc1
+.It
b9abc1
+Reload systemd service file: run
b9abc1
+.Dq systemctl daemon-reload
b9abc1
+.El
b9abc1
 .Ss Options
b9abc1
 Options named by lower\-case letters configure the server itself.
b9abc1
 Upper\-case options control the behavior of specific authentication