From 1caaf650436e96cf5c20374bb5a2b2c8e667024a Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Tue, 14 Jul 2020 10:33:14 +0200 Subject: [PATCH 1/2] init: remove Group= as it will default to the user's default group Setting Group=bitcoin is redundant. It is typically the default group of the user and if not explicitly specified, systemd will run the service with the default group of the user. --- contrib/init/bitcoind.service | 1 - 1 file changed, 1 deletion(-) diff --git a/contrib/init/bitcoind.service b/contrib/init/bitcoind.service index ade8a05926f..3804a08e3c8 100644 --- a/contrib/init/bitcoind.service +++ b/contrib/init/bitcoind.service @@ -44,7 +44,6 @@ TimeoutStopSec=600 # Run as bitcoin:bitcoin User=bitcoin -Group=bitcoin # /run/bitcoind RuntimeDirectory=bitcoind From 18d1071dd1244cf3252d687bb46f88d65f652e4d Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Tue, 14 Jul 2020 10:48:54 +0200 Subject: [PATCH 2/2] init: replace deprecated PermissionsStartOnly systemd directive PermissionsStartOnly is deprecated [1]. This removes the directives and instead we prefixes the value of the ExecStartPre directive with '!', which means the executable, 'chgrp' in this case, is run with full privileges and able to change the group of /etc/bitcoin. 1: https://github.com/systemd/systemd/blob/60b45a80c1f98bad000bd902d97ecf6c4e3fc315/NEWS#L2434 --- contrib/init/bitcoind.service | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/contrib/init/bitcoind.service b/contrib/init/bitcoind.service index 3804a08e3c8..1845208cbbd 100644 --- a/contrib/init/bitcoind.service +++ b/contrib/init/bitcoind.service @@ -25,8 +25,7 @@ ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \ -shutdownnotify='systemd-notify --stopping' # Make sure the config directory is readable by the service user -PermissionsStartOnly=true -ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin +ExecStartPre=!/bin/chgrp bitcoin /etc/bitcoin # Process management ####################