feat: use dedicated 'libretime' user

BREAKING CHANGE: The default `www-data` user has been replaced by a dedicated  `libretime` user to run the services. Be sure to change the ownership of the libretime files.

docs/admin-manual/library.md

@@ -10,7 +10,7 @@ This page describe the available options to manage the LibreTime library.
 To scan a directory and import the files into the library, you can use the following command:
 
 ```bash
-sudo -u www-data libretime-api bulk_import --path PATH_THE_DIRECTORY_TO_SCAN
+sudo -u libretime libretime-api bulk_import --path PATH_THE_DIRECTORY_TO_SCAN
 ```
 
 See the command usage to get available options.

docs/admin-manual/setup/install.md

@@ -162,10 +162,10 @@ Feel free to run `./install --help` to get more details.
 
 #### Using hardware audio output
 
-If you plan to output analog audio directly to a mixing console or transmitter, the user running LibreTime (by default `www-data`) needs to be added to the `audio` user group using the command below:
+If you plan to output analog audio directly to a mixing console or transmitter, the user running LibreTime needs to be added to the `audio` user group using the command below:
 
 ```bash
-sudo adduser www-data audio
+sudo adduser libretime audio
 ```
 
 ### Setup
@@ -175,7 +175,7 @@ Once the installation is completed, edit the [configuration file](./configuratio
 Next, run the following commands to setup the database:
 
 ```bash
-sudo -u www-data libretime-api migrate
+sudo -u libretime libretime-api migrate
 ```
 
 Synchronize the new Icecast passwords into the database:

docs/admin-manual/setup/upgrade.md

@@ -36,7 +36,7 @@ Be sure to carefully read **all** the [releases notes](../../releases/README.md)
 Run the following command to apply the database migrations:
 
 ```bash
-sudo -u www-data libretime-api migrate
+sudo -u libretime libretime-api migrate
 ```
 
 ## Restart the services

docs/admin-manual/troubleshooting.md

@@ -49,7 +49,7 @@ On a common setup, to access LibreTime specific logs you should search for the f
 For some LibreTime services, you can set a higher log level using the `LIBRETIME_LOG_LEVEL` environment variable, or by running the service by hand and using a command line flag:
 
 ```bash
-sudo -u www-data libretime-analyzer --config /etc/libretime/config.yml --log-level debug
+sudo -u libretime libretime-analyzer --config /etc/libretime/config.yml --log-level debug
 ```
 
 The `/var/log/apache2/libretime.error.log` file contains logs from the web server.

docs/releases/unreleased.md

@@ -110,6 +110,21 @@ The worker service no longer uses a dedicated `celery` user to run. The old `cel
 sudo deluser celery
 ```
 
+### LibreTime user
+
+The LibreTime services now run using a dedicated `libretime` user instead of the default `www-data` user. Be sure to change the ownership of the LibreTime files:
+
+```bash
+# Configuration directory
+sudo chown -R libretime:libretime /etc/libretime
+# Logs directory
+sudo chown -R libretime:libretime /var/log/libretime
+# Runtime directory
+sudo chown -R libretime:libretime /var/lib/libretime
+# Storage directory
+sudo chown -R libretime:libretime /srv/libretime
+```
+
 ### New configuration schema
 
 The configuration schema was updated.

docs/user-manual/playout-history.md

@@ -311,7 +311,7 @@ sudo nano /etc/cron.d/libretime-schedule
 containing the line:
 
 ```
-* * * * * www-data /usr/local/bin/libretime-schedule.sh
+* * * * * libretime /usr/local/bin/libretime-schedule.sh
 ```
 
 The schedule server will now be serving the same show information as the LibreTime server, with a cache lifetime of one minute. You can adjust the cache lifetime by altering the frequency of the cron job that polls the LibreTime server.