lasimik
/
borgmatic_notifications
1
1
Fork 0
Code Issues Pull Requests Releases Activity

Update 'Readme.md'

This commit is contained in:
lasimik 2021-05-17 01:28:52 +00:00
parent 83798c3696
commit 3299c9c0c7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Readme.md
View File

@ -18,7 +18,7 @@ The template from the borgmatic site (the`borgmatic.timer`) is fine, insert a st
### In the systemd service
Again, the template from the borgmatic site (the `borgmatic.service`) is good, but needs an essential change:
The line `CapabilityBoundingSet=…` must give the additional capabilities `AP_SETUID `and `CAP_SETGID`. This will allow borgmatic (and whatever is called from it!!) to impersonate a different user (other than root).
The line `CapabilityBoundingSet=…` must grant the additional capabilities `AP_SETUID `and `CAP_SETGID`. This will allow borgmatic (and whatever is called from it!!) to impersonate a different user (other than root).
*_This means a softening of security settings._ Make sure all permissions on borgmatic and scripts are set correctly!*