You are not logged in.

Pages: 1

#1 Today 14:49:43

Shino
Member
From: Germany
Registered: 2015-02-01
Posts: 108

Anubis: Systemd randomly chooses user. How to set socket permissions.

Hi,

I have installed anubis, to protect my gitea instance from being "DDoSed" by AI scrapers.

I use the anubis package, that ships in the arch repositories. I've configured Anubis to listen on a unix socket:

BIND_NETWORK=unix
BIND=/run/anubis/anubis.sock
SOCKET_MODE=0666
DIFFICULTY=4
METRICS_BIND=:9090
SERVE_ROBOTS_TXT=0
TARGET=unix:///run/nginx.sock

I run into some trouble because the provided .service file contains: 

DynamicUser=yes

This results in anubis getting a random UID every time. Therefore, I had to make the directory /run/anubis/ writable to all users, because otherwise the socket cannot be created. I don't really like that.
Simplest way would be creating an anubis user and patching the service file to use a fixed user/group. Any other ways of doing this, without patching the pacman installed service file?

Thanks.

Offline

#2 Today 15:04:52

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 71,519

Re: Anubis: Systemd randomly chooses user. How to set socket permissions.

Isn't /run a tmpfs?

findmnt -T /run/anubis

In doubt you could create a https://wiki.archlinux.org/title/System … rary_files to generate the directory and if there's nothing special about your setup somebody needs to file a bug at https://gitlab.archlinux.org/archlinux/ … s/-/issues

Fwwi, I stumbled over https://lock.cmpxchg8b.com/anubis.html

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Offline

#3 Today 15:18:38

progandy
Member
Registered: 2012-05-17
Posts: 5,296

Re: Anubis: Systemd randomly chooses user. How to set socket permissions.

You need to use the RuntimeDirectory that is allowed to be writable by the service, something like "/run/anubis/$INSTANCE_NAME/anbus.sock" I think. $INSTANCE_NAME is the part after the @ of the service.

| alias CUTF='LANG=en_XX.UTF-8@POSIX ' | alias ENGLISH='LANG=C.UTF-8 ' |

Offline

#4 Today 16:13:02

Shino
Member
From: Germany
Registered: 2015-02-01
Posts: 108

Re: Anubis: Systemd randomly chooses user. How to set socket permissions.

progandy wrote:

You need to use the RuntimeDirectory that is allowed to be writable by the service, something like "/run/anubis/$INSTANCE_NAME/anbus.sock" I think. $INSTANCE_NAME is the part after the @ of the service.

I was blid. That's it:
The service file already contains:

RuntimeDirectory=anubis/%i

So I get /run/anubis/my_instance/ as a writable directory. I missed that.

Thanks!

Offline

Pages: 1

Board footer

Powered by FluxBB