Arch Linux

Thing is, there is no persistent matterbridge user nor group, so matterbridge is effectively run without privileges (and thus has even less rights than any logged in user). So we either need to find out how DynamicUser can have a private configuration file or move from a DynamicUser to a static one. I have no time to look at it right know, but if you find out a solution for the first possibility please let me know and I’ll implement it.

Apparently `ConfigurationDirectory=matterbridge` combined with DynamicUser will make the temporary user own the file under `/etc/matterbridge/`, but this remains to be tested. I don’t have a running matterbridge at hand currently, so I’ll need someone else to test.

Could you do the following?
0. Stop the running matterbridge if any.
1. Edit the systemd matterbridge.service file on your system, replacing `ExecStart=/usr/bin/matterbridge -conf /etc/matterbridge.toml` by `ExecStart=/usr/bin/matterbridge -conf /etc/matterbridge/matterbridge.toml` and adding `ConfigurationDirectory=matterbridge`.
2. Move `/etc/matterbridge.toml` to `/etc/matterbridge/matterbridge.toml`, make sure the folder is root:root 755 or 700, and the config file within root:root 600.
3. Start matterbridge and verify if it was able to read its configuration file.

Actually the documentation says `Except in case of ConfigurationDirectory`, so this won’t work.

However another idea could be to copy the configuration file to a temporary place only accessible to this user, and change the permissions. Something like StateDirectory could be used for this. I’ll try to work something out.

Solved in 1.23.2-3 with a dynamic StateDirectory as Gabriel suggested.