Commit graph

7 commits

Author SHA1 Message Date
setpill
870d4152df Set ProtectHome in systemd service file
Further hardening; the service should be run with as many restrictions
as possible without breaking it.
2019-08-20 10:54:14 +02:00
setpill
639a416e37 Chgrp config dir to bitcoin in systemd service
Rather than making the config dir world-readable, which potentially
leaks RPC credentials, the group of the directory is changed to the one
the service is executed as.
2019-08-20 10:54:14 +02:00
setpill
aded0528f0 Improve clarity of systemd service file comments
The phrasing seemed to indicate that the options specified in
ExecStart= could not be specified in the config file, necessitating
their inclusion in the service file. However, the options in the
config file simply get overridden by any specified in ExecStart=.
2019-08-20 10:54:14 +02:00
Carl Dong
b0c7b54d0c init: Use systemd automatic directory creation
Tell systemd to create, set, and ensure the right mode for the PID,
configuration, and data directories.

Only the exec bit is set for groups for the aforementioned directories.
This is the least privilege perm that allows for the
reading/writing/execing of files under the directory _if_ the files
themselves give permission to its group to do so (e.g. when -sysperms is
specified). Note that this does not allow for the listing of files under
the directory.
2019-01-05 13:21:44 +08:00
Florian Schmaus
79ddfad486 Apply hardening measurements in bitcoind systemd service file
Adds typical systemd hardening measurements for network services.
2018-03-14 08:11:07 +01:00
Florian Schmaus
16be7ddbaa Improve bitcoind systemd service file
Add comment how further options can be added or existing ones
modified. Use /run/${RuntimeDirectory} for PID file.

Remove TimeoutStopSec, TimeoutStartSec, StartLimitInterval,
StartLimitBurst directives as those should be set indivdually.

Remove Group to user the bitcoin user's default group.

Changed Restart from 'always' to 'on-failure' (can also be overwritten
individually).
2017-06-05 12:10:08 +02:00
Adam Weiss
234bfbf6a5 Add init scripts and docs for Upstart and OpenRC 2014-09-09 16:58:06 -04:00
Renamed from contrib/systemd/bitcoind.service (Browse further)