Chgrp config dir to bitcoin in systemd service

Rather than making the config dir world-readable, which potentially leaks RPC credentials, the group of the directory is changed to the one the service is executed as.
author: setpill <37372069+setpill@users.noreply.github.com> 2019-08-06 14:21:34 +0200
committer: setpill <37372069+setpill@users.noreply.github.com> 2019-08-20 10:54:14 +0200
commit: 639a416e3758b3005b860b198f0ec7bdd80a7f0c (patch)
tree: c56b00f9fe1c587e36bf5dd9ceadcd658e4c293e /contrib/init
parent: aded0528f0e1e3735ce8dd26fd9e546150b73187 (diff)
download: bitcoin-639a416e3758b3005b860b198f0ec7bdd80a7f0c.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/contrib/init/bitcoind.service b/contrib/init/bitcoind.service
index 79f07666fd..5f9a649097 100644
--- a/contrib/init/bitcoind.service
+++ b/contrib/init/bitcoind.service
@@ -19,6 +19,10 @@ ExecStart=/usr/bin/bitcoind -daemon \
                             -conf=/etc/bitcoin/bitcoin.conf \
                             -datadir=/var/lib/bitcoind
 
+# Make sure the config directory is readable by the service user
+PermissionsStartOnly=true
+ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
+
 # Process management
 ####################
author	setpill <37372069+setpill@users.noreply.github.com>	2019-08-06 14:21:34 +0200
committer	setpill <37372069+setpill@users.noreply.github.com>	2019-08-20 10:54:14 +0200
commit	639a416e3758b3005b860b198f0ec7bdd80a7f0c (patch)
tree	c56b00f9fe1c587e36bf5dd9ceadcd658e4c293e /contrib/init
parent	aded0528f0e1e3735ce8dd26fd9e546150b73187 (diff)
download	bitcoin-639a416e3758b3005b860b198f0ec7bdd80a7f0c.tar.xz