From a689e3037fe8f90bf7cef25fa74e4216d863c68d Mon Sep 17 00:00:00 2001
From: feinedquirrel <feinedsquirrel@gmail.com>
Date: Wed, 22 Feb 2023 15:28:35 -0700
Subject: [PATCH] run systemd unit as authelia user

---
 authelia.service       | 2 ++
 authelia.sysusers.conf | 3 +++
 authelia.tmpfiles      | 1 +
 authelia@.service      | 2 ++
 4 files changed, 8 insertions(+)
 create mode 100644 authelia.sysusers.conf
 create mode 100644 authelia.tmpfiles

diff --git a/authelia.service b/authelia.service
index 48b2065fd..e987dfe9f 100644
--- a/authelia.service
+++ b/authelia.service
@@ -3,6 +3,8 @@ Description=Authelia authentication and authorization server
 After=multi-user.target
 
 [Service]
+User=authelia
+Group=authelia
 Environment=AUTHELIA_SERVER_DISABLE_HEALTHCHECK=true
 ExecStart=/usr/bin/authelia --config /etc/authelia/configuration.yml
 SyslogIdentifier=authelia
diff --git a/authelia.sysusers.conf b/authelia.sysusers.conf
new file mode 100644
index 000000000..8ccc89232
--- /dev/null
+++ b/authelia.sysusers.conf
@@ -0,0 +1,3 @@
+#Type Name       ID      GECOS             Home directory Shell
+u     authelia   -       "authelia user"
+m     authelia   redis
diff --git a/authelia.tmpfiles b/authelia.tmpfiles
new file mode 100644
index 000000000..d2fc90d7b
--- /dev/null
+++ b/authelia.tmpfiles
@@ -0,0 +1 @@
+e /etc/authelia 0700 authelia authelia
diff --git a/authelia@.service b/authelia@.service
index 034ff6594..23c871a86 100644
--- a/authelia@.service
+++ b/authelia@.service
@@ -3,6 +3,8 @@ Description=Authelia authentication and authorization server
 After=multi-user.target
 
 [Service]
+User=authelia
+Group=authelia
 Environment=AUTHELIA_SERVER_DISABLE_HEALTHCHECK=true
 ExecStart=/usr/bin/authelia --config /etc/authelia/%i.yml
 SyslogIdentifier=authelia-%i