Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/init/bitcoind.service | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/contrib/init/bitcoind.service b/contrib/init/bitcoind.service index cfc5f77580..34c3e7b3ab 100644 --- a/contrib/init/bitcoind.service +++ b/contrib/init/bitcoind.service @@ -5,8 +5,9 @@ # See "man systemd.service" for details. # Note that almost all daemon options could be specified in -# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments -# in ExecStart= +# /etc/bitcoin/bitcoin.conf, but keep in mind those explicitly +# specified as arguments in ExecStart= will override those in the +# config file. [Unit] Description=Bitcoin daemon @@ -18,6 +19,10 @@ ExecStart=/usr/bin/bitcoind -daemon \ -conf=/etc/bitcoin/bitcoin.conf \ -datadir=/var/lib/bitcoind +# Make sure the config directory is readable by the service user +PermissionsStartOnly=true +ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin + # Process management #################### @@ -53,6 +58,9 @@ PrivateTmp=true # Mount /usr, /boot/ and /etc read-only for the process. ProtectSystem=full +# Deny access to /home, /root and /run/user +ProtectHome=true + # Disallow the process and all of its children to gain # new privileges through execve(). NoNewPrivileges=true |
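Review bot: The added `ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin` in the second hunk only changes the directory's group owner, so it does not by itself deliver what the comment above it promises. The mode bits are left as they were, and bitcoin.conf inside the directory is not touched. That file commonly holds RPC credentials, so the comment should spell out the expected layout, for example `# Expects /etc/bitcoin 0710 root:bitcoin and bitcoin.conf 0640 root:bitcoin; chgrp only fixes the directory's group`. `PermissionsStartOnly=true` also applies to every ExecStartPre/ExecStartPost in the unit, so any added later would run without the User=/Group= drop (assuming those are set outside the hunk); on systemd versions that support it, `ExecStartPre=+/bin/chgrp bitcoin /etc/bitcoin` would limit that to the one command. It is also worth confirming that the chgrp succeeds under `ProtectSystem=full`, shown as context in the third hunk, since that setting mounts /etc read-only and may apply to the pre-start command as well.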