nixos/clamav: run as clamav user not root

2023-11-20 20:49:53 +01:00 · 2023-11-20 20:49:53 +01:00 · eb746540a9
commit eb746540a9
parent ef6b8ff15a
1 changed files with 4 additions and 0 deletions
--- a/nixos/modules/services/security/clamav.nix
+++ b/nixos/modules/services/security/clamav.nix
@ -110,6 +110,8 @@ in
      serviceConfig = {
        ExecStart = "${pkg}/bin/clamd";
        ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
+        User = clamavUser;
+        Group = clamavGroup;
        StateDirectory = "clamav";
        RuntimeDirectory = "clamav";
        PrivateTmp = "yes";
@ -138,6 +140,8 @@ in
        SuccessExitStatus = "1"; # if databases are up to date
        StateDirectory = "clamav";
        RuntimeDirectory = "clamav";
+        User = clamavUser;
+        Group = clamavGroup;
        PrivateTmp = "yes";
        PrivateDevices = "yes";
      };