Merge pull request #493 from nickhilliard/im-warning-about-running-as-root

oxidized should be run as its own username, not as root

2 files changed, 9 insertions, 1 deletions

diff --git a/README.md b/README.md
index 6c7e381..281901c 100644
--- a/README.md
+++ b/README.md
@@ -166,6 +166,14 @@ gem install oxidized-script oxidized-web
 
 Oxidized configuration is in YAML format. Configuration files are subsequently sourced from ```/etc/oxidized/config``` then ```~/.config/oxidized/config```. The hashes will be merged, this might be useful for storing source information in a system wide file and  user specific configuration in the home directory (to only include a staff specific username and password). Eg. if many users are using ```oxs```, see [Oxidized::Script](https://github.com/ytti/oxidized-script).
 
+It is recommended practice to run Oxidized using its own username.  This username can be added using standard command-line tools:
+
+```
+useradd oxidized
+```
+
+It is recommended not to run Oxidized as root.
+
 To initialize a default configuration in your home directory ```~/.config/oxidized/config```, simply run ```oxidized``` once. If you don't further configure anything from the output and source sections, it'll extend the examples on a subsequent ```oxidized``` execution. This is useful to see what options for a specific source or output backend are available.
 
 You can set the env variable `OXIDIZED_HOME` to change its home directory.
diff --git a/extra/oxidized.service b/extra/oxidized.service
index 65063b7..ba60bd5 100644
--- a/extra/oxidized.service
+++ b/extra/oxidized.service
@@ -6,7 +6,7 @@ Description=Oxidized - Network Device Configuration Backup Tool
 
 [Service]
 ExecStart=/usr/local/bin/oxidized
-User=root
+User=oxidized
 
 [Install]
 WantedBy=multi-user.target