Y
Hacker News
new
|
ask
|
show
|
jobs
by
q3k
3807 days ago
There is a difference between not bringing in additional security and bringing anti-security. In my eyes, you are doing the latter.
Your default examples elevate privilege, not warning the user about this fact anywhere.
1 comments
iMil
3807 days ago
Duly noted, I just added a word about it on the GitHub page, and you're right, I should run the examples services with a dedicated user as I already do for the nginx process. Thanks for your feedback!
link
iMil
3807 days ago
And so it is, I just commited changes so both PM2 and gunicorn are started with a specific user.
link