AdGuard Home : security and logging improvment

[cweiland]

✍️ Description

• Create a dedicated user (adguardhome)
• Set needed rights to listen on dns port
• Add user on service file
• Logs are now on journald

🔗 Related PR / Issue

Link: #

✅ Prerequisites (X in brackets)

• Self-review completed – Code follows project standards.
• Tested thoroughly – Changes work as expected.
• No security risks – No hardcoded secrets, unnecessary privilege escalations, or permission issues.

---

🛠️ Type of Change (X in brackets)

• 🐞 Bug fix – Resolves an issue without breaking functionality.
• ✨ New feature – Adds new, non-breaking functionality.
• 💥 Breaking change – Alters existing functionality in a way that may require updates.
• 🆕 New script – A fully functional and tested script or script set.
• 🌍 Website update – Changes to website-related JSON files or metadata.
• 🔧 Refactoring / Code Cleanup – Improves readability or maintainability without changing functionality.
• 📝 Documentation update – Changes to README, AppName.md, CONTRIBUTING.md, or other docs.

[michelroegl-brunner]

Why is this needed? Dose it no longer work with root? We keep all installs as root user for a consitency reason.

[CrazyWolf13]

is there any added benefit of this?

[cweiland]

is easier to manage logs with journald than plain files
ex : rotating logs, search, ...

[CrazyWolf13]

agreed on this one

[cweiland]

Why is this needed? Dose it no longer work with root? We keep all installs as root user for a consitency reason.

it's better to run it with a dedicated account to avoid privileges escalation issues

[michelroegl-brunner]

We have discussed this internaly with all maintainers and our conclusion was that we dont want to start to create individual users for all apps.