mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 03:52:49 +01:00
Merge #16556: Fix systemd service file configuration directory setup
f3b57f4a1c17aadbf02d408e980490c88838c6ba Unrecommend making config file owned by bitcoin (setpill) 870d4152dfc3d990e336723562948835c2dbd646 Set ProtectHome in systemd service file (setpill) 639a416e3758b3005b860b198f0ec7bdd80a7f0c Chgrp config dir to bitcoin in systemd service (setpill) aded0528f0e1e3735ce8dd26fd9e546150b73187 Improve clarity of systemd service file comments (setpill) Pull request description: Rationale: ran into a bug with the systemd service file, fixed it locally and figured I might as well contribute my fix. Also fixed some unrelated confusing phrasing in the comments of the same file, after discussion in IRC. ACKs for top commit: sipsorcery: tACK f3b57f4a1c17aadbf02d408e980490c88838c6ba (nothing changed since previous tACK). ryanofsky: utACK f3b57f4a1c17aadbf02d408e980490c88838c6ba. Only change since last review is removing ConfigurationDirectoryMode churn in early commits Tree-SHA512: 2188345878925b9e8a5c2c3df8dfba443720e2252a164db54a8e1d8007846721497b2d98c56f1d9b60a9a9ed4fdb1156c7b02c699616b220a9b614671617d32a
This commit is contained in:
parent
8b0f3f7945
commit
0c05d0b59d
@ -5,8 +5,9 @@
|
|||||||
# See "man systemd.service" for details.
|
# See "man systemd.service" for details.
|
||||||
|
|
||||||
# Note that almost all daemon options could be specified in
|
# Note that almost all daemon options could be specified in
|
||||||
# /etc/dash/dash.conf, except for those explicitly specified as arguments
|
# /etc/dash/dash.conf, but keep in mind those explicitly
|
||||||
# in ExecStart=
|
# specified as arguments in ExecStart= will override those in the
|
||||||
|
# config file.
|
||||||
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Dash daemon
|
Description=Dash daemon
|
||||||
@ -18,6 +19,10 @@ ExecStart=/usr/bin/dashd -daemon \
|
|||||||
-conf=/etc/dash/dash.conf \
|
-conf=/etc/dash/dash.conf \
|
||||||
-datadir=/var/lib/dashd
|
-datadir=/var/lib/dashd
|
||||||
|
|
||||||
|
# Make sure the config directory is readable by the service user
|
||||||
|
PermissionsStartOnly=true
|
||||||
|
ExecStartPre=/bin/chgrp dashcore /etc/dash
|
||||||
|
|
||||||
# Process management
|
# Process management
|
||||||
####################
|
####################
|
||||||
|
|
||||||
@ -54,6 +59,9 @@ PrivateTmp=true
|
|||||||
# Mount /usr, /boot/ and /etc read-only for the process.
|
# Mount /usr, /boot/ and /etc read-only for the process.
|
||||||
ProtectSystem=full
|
ProtectSystem=full
|
||||||
|
|
||||||
|
# Deny access to /home, /root and /run/user
|
||||||
|
ProtectHome=true
|
||||||
|
|
||||||
# Disallow the process and all of its children to gain
|
# Disallow the process and all of its children to gain
|
||||||
# new privileges through execve().
|
# new privileges through execve().
|
||||||
NoNewPrivileges=true
|
NoNewPrivileges=true
|
||||||
|
10
doc/init.md
10
doc/init.md
@ -59,11 +59,11 @@ Data directory: `/var/lib/dashd`
|
|||||||
PID file: `/var/run/dashd/dashd.pid` (OpenRC and Upstart) or `/run/dashd/dashd.pid` (systemd)
|
PID file: `/var/run/dashd/dashd.pid` (OpenRC and Upstart) or `/run/dashd/dashd.pid` (systemd)
|
||||||
Lock file: `/var/lock/subsys/dashd` (CentOS)
|
Lock file: `/var/lock/subsys/dashd` (CentOS)
|
||||||
|
|
||||||
The configuration file, PID directory (if applicable) and data directory
|
The PID directory (if applicable) and data directory should both be owned by the
|
||||||
should all be owned by the dashcore user and group. It is advised for security
|
dashcore user and group. It is advised for security reasons to make the
|
||||||
reasons to make the configuration file and data directory only readable by the
|
configuration file and data directory only readable by the dashcore user and
|
||||||
dashcore user and group. Access to dash-cli and other dashd rpc clients
|
group. Access to dash-cli and other dashd rpc clients can then be
|
||||||
can then be controlled by group membership.
|
controlled by group membership.
|
||||||
|
|
||||||
NOTE: When using the systemd .service file, the creation of the aforementioned
|
NOTE: When using the systemd .service file, the creation of the aforementioned
|
||||||
directories and the setting of their permissions is automatically handled by
|
directories and the setting of their permissions is automatically handled by
|
||||||
|
Loading…
Reference in New Issue
Block a user