ejabberd hardening

hello,

just wanted to make the following suggestion.

per default ejabberd is started and running as ejabberd user with "/bin/sh" shell access (upstart/init.d).

to harden the process in linux style i take away shell access from the ejabberd user,

- usermod -s /usr/sbin/nologin ejabberd
- changed line in "/etc/init.d/ejabberd"
from
su $EJABBERDUSER -c "$EJABBERDCTL $action" >/dev/null
to
sudo -u "$EJABBERDUSER" sh -c "$EJABBERDCTL $action" >/dev/null

the downside is that the ejabberd package depends on sudo now.

can anyone please tell if this is desirable?
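
Added example, not part of the original post and not ejabberd's own code: a small audit that reads a passwd-format file and an init script and reports whether the service account still has a login shell, and whether the script's `su ... -c` line would end up running the nologin shell. The function names and the sample files are constructed for illustration; the `su -s` case assumes the init script runs as root.

```shell
#!/bin/sh
# Print the login shell (field 7) of user $1 from passwd-format file $2.
login_shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7 }' "$2"
}

# Succeed if shell path $1 denies interactive logins.
is_nologin() {
    case "$1" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Heuristically classify how init script $1 switches user (comment lines ignored).
switch_method() {
    if grep -Eq '^[^#]*sudo[[:space:]]+-u' "$1"; then echo sudo
    elif grep -Eq '^([^#]*[^[:alnum:]_#])?su[[:space:]].*(-s[[:space:]]|--shell)' "$1"; then
        echo su-explicit-shell   # assumption: caller is root, so -s is honoured
    elif grep -Eq '^([^#]*[^[:alnum:]_#])?su[[:space:]].*-c' "$1"; then
        echo su-default-shell    # command is handed to the account's own shell
    else echo none
    fi
}

# audit USER PASSWD_FILE INIT_SCRIPT -> one-line verdict
audit() {
    shell=$(login_shell_of "$1" "$2")
    method=$(switch_method "$3")
    if [ -z "$shell" ]; then echo "unknown-user"
    elif ! is_nologin "$shell"; then echo "shell-enabled:$shell"
    elif [ "$method" = su-default-shell ]; then echo "broken:su-runs-nologin"
    else echo "hardened:$method"
    fi
}

# Constructed sample data (uid/gid/home are made up; the two init lines are those quoted above).
tmp=$(mktemp -d)
printf '%s\n' 'ejabberd:x:110:115::/var/lib/ejabberd:/bin/sh' > "$tmp/passwd.before"
printf '%s\n' 'ejabberd:x:110:115::/var/lib/ejabberd:/usr/sbin/nologin' > "$tmp/passwd.after"
printf '%s\n' 'su $EJABBERDUSER -c "$EJABBERDCTL $action" >/dev/null' > "$tmp/init.su"
printf '%s\n' 'sudo -u "$EJABBERDUSER" sh -c "$EJABBERDCTL $action" >/dev/null' > "$tmp/init.sudo"

audit ejabberd "$tmp/passwd.before" "$tmp/init.su"
audit ejabberd "$tmp/passwd.after" "$tmp/init.su"
audit ejabberd "$tmp/passwd.after" "$tmp/init.sudo"
```

On a real host the same `audit` call can be pointed at `/etc/passwd` and `/etc/init.d/ejabberd`.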
