Configure tgadmin service account during .deb installation by Al-Muhandis · Pull Request #13 · Al-Muhandis/AdminHelper

Al-Muhandis · 2026-03-24T20:58:44Z

Avoid hardcoding a local username in the packaged service so the daemon can run without root on other systems.
Make the runtime user/group configurable at package install time so the package is portable between hosts.
Ensure the package can create a system account when needed and instruct systemd to run the service under that account.

Add a packaged systemd unit debian/lib/systemd/system/tgadmin.service that does not embed User/Group so runtime identity can be provided via a drop-in.
Add /etc/default/tgadmin (added as a conffile) with TGADMIN_SERVICE_USER and TGADMIN_SERVICE_GROUP defaulting to tgadmin.
Update debian/DEBIAN/postinst to read TGADMIN_SERVICE_USER/GROUP from /etc/default/tgadmin, create the system group and user if missing, and write a systemd drop-in /etc/systemd/system/tgadmin.service.d/10-run-as.conf containing User= and Group= so the service runs as the non-root account.
Adjust config ownership in postinst to chown "root:${SERVICE_GROUP}" and update debian/DEBIAN/postrm purge handling to remove the generated drop-in; add /etc/default/tgadmin to DEBIAN/conffiles.

Ran a shell syntax check with bash -n debian/DEBIAN/postinst debian/DEBIAN/postrm which completed successfully.

Configure service user/group via deb package install

122bc7d

Al-Muhandis added the codex label Mar 24, 2026 — with ChatGPT Codex Connector

Al-Muhandis marked this pull request as ready for review March 26, 2026 02:11

Al-Muhandis merged commit dd81a6f into deb-packaging Mar 26, 2026
1 check passed

Al-Muhandis deleted the codex/configure-tgadmin.service-for-non-root-user branch March 26, 2026 07:40

Provide feedback