fix: Remove "coder" user and group from systemd service (#559)

This caused an inability to listen on privileged ports and read certs from LetsEncrypt. It seems more hurtful rather than helpful, so removing the restriction seems reasonable.
2025-07-23 21:32:07 +00:00 · 2022-03-24 18:20:13 -06:00
parent d371a66447
commit 39e5fcfd61
2 changed files with 16 additions and 18 deletions
--- a/coder.service
+++ b/coder.service
@ -10,15 +10,13 @@ StartLimitBurst=3
 [Service]
 Type=notify
 EnvironmentFile=/etc/coder.d/coder.env
-User=coder
-Group=coder
 ProtectSystem=full
 ProtectHome=read-only
 PrivateTmp=yes
 PrivateDevices=yes
 SecureBits=keep-caps
-AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
-CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
+AmbientCapabilities=CAP_IPC_LOCK
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE
 NoNewPrivileges=yes
 ExecStart=/usr/bin/coder start
 Restart=on-failure