this post was submitted on 21 Aug 2024
278 points (97.9% liked)
Linux
48214 readers
1085 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I think this one beats them all.
My home server keeps a few services up, including an instance of Jitsi Meet. The server runs nixos and the nixos package for jitsi is incomplete to say the least and doesn't even support authentication, so I use the docker-compose version and I have a script that runs periodically to keep it updated. So far so good, right? Well, no.
Because the server is at home, I have a dynamic external IP address, so I have to use a DDNS provider, but jitsi doesn't expect this and uses a stun server at startup to determine the public IP of the server once, so if my connection goes down or is restarted and the IP changes, jitsi needs to be restarted or it won't work anymore.
The solution?
I've been running this setup since mid 2020 and I expect this to continue until IPv6 becomes the norm.
Couldn't it be possible to set a script that restarts jitsi as that user's login shell?
The jitsi user is a system user so it can't login even if you set a key for it. Besides, I wouldn't risk it anyway since that user is in the docker group, if it gets compromised somehow, the attacker would have very high privileges.