Browse Source

Update 'Readme.md'

master
lasimik 3 months ago
parent
commit
3299c9c0c7
  1. 2
      Readme.md

2
Readme.md

@ -18,7 +18,7 @@ The template from the borgmatic site (the`borgmatic.timer`) is fine, insert a st
### In the systemd service
Again, the template from the borgmatic site (the `borgmatic.service`) is good, but needs an essential change:
The line `CapabilityBoundingSet=…` must give the additional capabilities `AP_SETUID `and `CAP_SETGID`. This will allow borgmatic (and whatever is called from it!!) to impersonate a different user (other than root).
The line `CapabilityBoundingSet=…` must grant the additional capabilities `AP_SETUID `and `CAP_SETGID`. This will allow borgmatic (and whatever is called from it!!) to impersonate a different user (other than root).
*_This means a softening of security settings._ Make sure all permissions on borgmatic and scripts are set correctly!*

Loading…
Cancel
Save