From 639a416e3758b3005b860b198f0ec7bdd80a7f0c Mon Sep 17 00:00:00 2001
From: setpill <37372069+setpill@users.noreply.github.com>
Date: Tue, 6 Aug 2019 14:21:34 +0200
Subject: [PATCH] Chgrp config dir to bitcoin in systemd service

Rather than making the config dir world-readable, which potentially leaks RPC credentials, the group of the directory is changed to the one the service is executed as.
---
 contrib/init/bitcoind.service | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/contrib/init/bitcoind.service b/contrib/init/bitcoind.service
index 79f07666fd6..5f9a6490972 100644
--- a/contrib/init/bitcoind.service
+++ b/contrib/init/bitcoind.service
@@ -19,6 +19,10 @@ ExecStart=/usr/bin/bitcoind -daemon \
 -conf=/etc/bitcoin/bitcoin.conf \
 -datadir=/var/lib/bitcoind
+# Make sure the config directory is readable by the service user
+PermissionsStartOnly=true
+ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
+
 # Process management
 ####################
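Review bot: `PermissionsStartOnly=true` on the added lines is a unit-wide switch, so every `ExecStartPre=`, `ExecStartPost=`, `ExecReload=` and `ExecStop*=` command, present or added later, runs without the unit's `User=`/`Group=` restriction, although only the single `chgrp` needs that. If the oldest systemd the project supports accepts the per-command prefix, the narrower form is `ExecStartPre=+/bin/chgrp bitcoin /etc/bitcoin` with the `PermissionsStartOnly` line dropped. The command also changes only the directory's group: the directory mode and the ownership and mode of `bitcoin.conf` are set outside this hunk, so the credential protection described in the commit message still depends on them. The added comment could say so, for example `# Only the group is changed here; the directory mode and bitcoin.conf permissions must still exclude other users`. The group name is hard-coded and presumably has to match the unit's `Group=` setting, which is not visible in this hunk.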