From 6f42348822bbafd65d554a57d66e64bdeee0fa6b Mon Sep 17 00:00:00 2001
From: "Robin H. Johnson" <robbat2@gentoo.org>
Date: Thu, 14 May 2015 10:51:15 -0700
Subject: [PATCH] Actually run as non-root, --user is for matching not chuid.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
---
 templates/webhook.init.erb        | 2 +-
 templates/webhook.init.gentoo.erb | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/webhook.init.erb b/templates/webhook.init.erb
index 232f69aa..caa3a0cf 100755
--- a/templates/webhook.init.erb
+++ b/templates/webhook.init.erb
@@ -31,7 +31,7 @@ start() {
     echo
     echo -n $"Starting webhook: "
     <% if @osfamily == 'Debian' -%>
-    start-stop-daemon --start --user ${DAEMON_USER:?} <%= scope.lookupvar('r10k::params::start_pidfile_args') %> --startas=$webhook
+    start-stop-daemon --start --chuid ${DAEMON_USER} --user ${DAEMON_USER:?} <%= scope.lookupvar('r10k::params::start_pidfile_args') %> --startas=$webhook
     <% else -%>
     daemon --user ${DAEMON_USER:?} <%= scope.lookupvar('r10k::params::start_pidfile_args') %> $webhook
     <% end -%>
diff --git a/templates/webhook.init.gentoo.erb b/templates/webhook.init.gentoo.erb
index 8064bbac..40680daf 100644
--- a/templates/webhook.init.gentoo.erb
+++ b/templates/webhook.init.gentoo.erb
@@ -13,6 +13,7 @@ WEBHOOK_BIN=${WEBHOOK_BIN:=/usr/local/bin/webhook}
 command=${WEBHOOK_BIN}
 pidfile=${WEBHOOK_PIDFILE}
 start_stop_daemon_args="--pidfile ${pidfile} \
+  --chuid ${WEBHOOK_USER} \
   --user ${WEBHOOK_USER} \
   --name ${command}"