README.md/sample.config: underline the need for a dedicated user

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2024-09-21 10:27:19 +00:00 · 2020-07-20 19:48:11 +02:00 · 2020-07-20 19:48:11 +02:00 · e75e8d2471
commit e75e8d2471
parent bf8b22f3b9
2 changed files with 7 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -114,7 +114,10 @@ $ certtool --generate-self-signed --load-privkey test-key.pem --outfile test-cer
 ```
 (make sure you enable encryption or signing)

-To run the server on the foreground edit the [sample.config](doc/sample.config) and then run:
+
+Create a dedicated user and group for the server unprivileged processes
+(e.g., 'ocserv'), and then edit the [sample.config](doc/sample.config)
+and set these users on run-as-user and run-as-group options. The run:
 ```
 # cd doc && ../src/ocserv -f -c sample.config
 ```
--- a/doc/sample.config
+++ b/doc/sample.config
@ -107,8 +107,9 @@ udp-port = 443
 #
 #listen-clear-file = /var/run/ocserv-conn.socket

-# The user the worker processes will be run as. It should be
-# unique (no other services run as this user).
+# The user the worker processes will be run as. This should be a dedicated
+# unprivileged user (e.g., 'ocserv') and no other services should run as this
+# user.
 run-as-user = nobody
 run-as-group = daemon