diff options
| author | setpill <[email protected]> | 2019-08-06 14:21:34 +0200 |
|---|---|---|
| committer | setpill <[email protected]> | 2019-08-20 10:54:14 +0200 |
| commit | 639a416e3758b3005b860b198f0ec7bdd80a7f0c (patch) | |
| tree | c56b00f9fe1c587e36bf5dd9ceadcd658e4c293e | |
| parent | Improve clarity of systemd service file comments (diff) | |
| download | discoin-639a416e3758b3005b860b198f0ec7bdd80a7f0c.tar.xz discoin-639a416e3758b3005b860b198f0ec7bdd80a7f0c.zip | |
Chgrp config dir to bitcoin in systemd service
Rather than making the config dir world-readable, which potentially
leaks RPC credentials, the group of the directory is changed to the one
the service is executed as.
| -rw-r--r-- | contrib/init/bitcoind.service | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/contrib/init/bitcoind.service b/contrib/init/bitcoind.service index 79f07666f..5f9a64909 100644 --- a/contrib/init/bitcoind.service +++ b/contrib/init/bitcoind.service @@ -19,6 +19,10 @@ ExecStart=/usr/bin/bitcoind -daemon \ -conf=/etc/bitcoin/bitcoin.conf \ -datadir=/var/lib/bitcoind +# Make sure the config directory is readable by the service user +PermissionsStartOnly=true +ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin + # Process management #################### |