Deluge

From The World according to Vissie
Jump to navigation Jump to search

How to setup Deluge as a service

apt-get install deluged deluge-console deluge-web

For security it is best to run a service with a specific user and group. You can create one using the following command:

adduser --system  --gecos "Deluge Service" --disabled-password --group --home /var/lib/deluge deluge

Add to the deluge group any users you wish to be able to easily manage or access files downloaded through Deluge, for example:

adduser <username> deluge

Create the file /etc/init/deluged.conf with the following code and set uid and gid to the user and group you wish to run deluged as:

# deluged - Deluge daemon
#
# The daemon component of Deluge BitTorrent client. Deluge UI clients
# connect to this daemon via DelugeRPC protocol.
description "Deluge daemon"
author "Deluge Team"
start on filesystem and static-network-up
stop on runlevel [016]
respawn
respawn limit 5 30
env uid=deluge
env gid=deluge
env umask=007
exec start-stop-daemon -S -c $uid:$gid -k $umask -x /usr/bin/deluged -- -d

You may wish to modify the above umask as it applies to any files downloaded by deluged. 007 grants full access to the user and members of the group deluged is running as (in this case deluge) and prevents access from all other accounts. 022 grants full access to the user deluged is running as and only read access to other accounts. 000 grants full access to all accounts.

Create the file /etc/init/deluge-web.conf with the following code and set uid and gid as required:

  1. deluge-web - Deluge Web UI
  2. The Web UI component of Deluge BitTorrent client, connects to deluged and
  3. provides a web application interface for users. Default url: http://localhost:8112

description "Deluge Web UI" author "Deluge Team"

start on started deluged stop on stopping deluged

respawn respawn limit 5 30

env uid=deluge env gid=deluge env umask=027

exec start-stop-daemon -S -c $uid:$gid -k $umask -x /usr/bin/deluge-web umask 027 grants full access to uid, read access to gid and prevents access from all other accounts. This should only affect the permissions of plugins installed through the Web UI and, if enabled, logs. Group permissions are restricted to read-only to prevent compromised member accounts injecting malicious code into plugins or modifying the logs.