Make passenger rubyapp runs as obsapi user.
Passenger's default user is nobody: https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_default_user So that we got Passenger and the RubyApp runs as nobody. However, according to Debian's SystemGroup usage: https://wiki.debian.org/SystemGroups nogroup (user: nobody): Daemons that need not own any files run as user nobody and group nogroup. Thus, no files on a system should be owned by this user or group. So that we should create a new user call 'obapi' and force passenger app to run as obs-api instead. And config files should be readable by that obsapi user but usually not writable. Signed-off-by: Andrew Lee (李健秋) <firstname.lastname@example.org>
Showing with 31 additions and 7 deletions