diff --git a/contrib/init/dashd.service b/contrib/init/dashd.service index 574fd4bb41..ed384937b9 100644 --- a/contrib/init/dashd.service +++ b/contrib/init/dashd.service @@ -5,21 +5,45 @@ # See "man systemd.service" for details. # Note that almost all daemon options could be specified in -# /etc/dash/dash.conf +# /etc/dash/dash.conf, except for those explicitly specified as arguments +# in ExecStart= [Unit] Description=Dash daemon After=network.target [Service] -ExecStart=/usr/bin/dashd -daemon -conf=/etc/dash/dash.conf -pid=/run/dashd/dashd.pid -# Creates /run/dash owned by dashcore -RuntimeDirectory=dashd -User=dashcore +ExecStart=/usr/bin/dashd -daemon \ + -pid=/run/dashd/dashd.pid \ + -conf=/etc/dash/dash.conf \ + -datadir=/var/lib/dashd + +# Process management +#################### + Type=forking PIDFile=/run/dashd/dashd.pid Restart=on-failure +# Directory creation and permissions +#################################### + +# Run as dash:dash +User=dashcore +Group=dashcore + +# /run/dashd +RuntimeDirectory=dashd +RuntimeDirectoryMode=0710 + +# /etc/dash +ConfigurationDirectory=dash +ConfigurationDirectoryMode=0710 + +# /var/lib/dashd +StateDirectory=dashd +StateDirectoryMode=0710 + # Hardening measures #################### diff --git a/doc/init.md b/doc/init.md index 3b2cf629a6..3ec428be71 100644 --- a/doc/init.md +++ b/doc/init.md @@ -56,7 +56,7 @@ All three configurations assume several paths that might need to be adjusted. Binary: `/usr/bin/dashd` Configuration file: `/etc/dashcore/dash.conf` Data directory: `/var/lib/dashd` -PID file: `/var/run/dashd/dashd.pid` (OpenRC and Upstart) or `/var/lib/dashd/dashd.pid` (systemd) +PID file: `/var/run/dashd/dashd.pid` (OpenRC and Upstart) or `/run/dashd/dashd.pid` (systemd) Lock file: `/var/lock/subsys/dashd` (CentOS) The configuration file, PID directory (if applicable) and data directory @@ -65,6 +65,22 @@ reasons to make the configuration file and data directory only readable by the dashcore user and group. Access to dash-cli and other dashd rpc clients can then be controlled by group membership. +NOTE: When using the systemd .service file, the creation of the aforementioned +directories and the setting of their permissions is automatically handled by +systemd. Directories are given a permission of 710, giving the dashcore user and group +access to files under it _if_ the files themselves give permission to the +dashcore user and group to do so (e.g. when `-sysperms` is specified). This does not allow +for the listing of files under the directory. + +NOTE: It is not currently possible to override `datadir` in +`/etc/dash/dash.conf` with the current systemd, OpenRC, and Upstart init +files out-of-the-box. This is because the command line options specified in the +init files take precedence over the configurations in +`/etc/dash/dash.conf`. However, some init systems have their own +configuration mechanisms that would allow for overriding the command line +options specified in the init files (e.g. setting `BITCOIND_DATADIR` for +OpenRC). + ### macOS Binary: `/usr/local/bin/dashd` diff --git a/doc/release-notes/release-notes-pr12255.md b/doc/release-notes/release-notes-pr12255.md new file mode 100644 index 0000000000..4e99b30e5b --- /dev/null +++ b/doc/release-notes/release-notes-pr12255.md @@ -0,0 +1,17 @@ +systemd init file +========= + +The systemd init file (`contrib/init/dashd.service`) has been changed to use +`/var/lib/dashd` as the data directory instead of `~dash/.dash`. This +change makes Dash Core more consistent with other services, and makes the +systemd init config more consistent with existing Upstart and OpenRC configs. + +The configuration, PID, and data directories are now completely managed by +systemd, which will take care of their creation, permissions, etc. See +[`systemd.exec (5)`](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#RuntimeDirectory=) +for more details. + +When using the provided init files under `contrib/init`, overriding the +`datadir` option in `/etc/dash/dash.conf` will have no effect. This is +because the command line arguments specified in the init files take precedence +over the options specified in `/etc/dash/dash.conf`.