[Opendnssec-user] Dropping exec perms -- running daemons as == ods USER/GROUP, !root ?
Yuri Schaeffer
yuri at nlnetlabs.nl
Thu Dec 22 14:45:15 UTC 2016
> sure. with the caveats that they're trivial, work in my ENV with systemd 228, & are as yet untested in a production setup,
Tx.
> [Unit]
> Description=OpenDNSSEC v2 Signer daemon
> After=syslog.target network-online.target
>
> [Service]
> Type=forking
> PIDFile=/var/run/opendnssec/signerd.pid
> ExecStart=/bin/sh -c '/usr/local/opendnssec/sbin/ods-signerd -d &'
>
> [Install]
> WantedBy=multi-user.target
I suggest this change though. (entire Service section)
> [Unit]
> Description=OpenDNSSEC v2 Signer daemon
> After=syslog.target network-online.target
>
> [Service]
> Type=simple
> ExecStart=/usr/local/opendnssec/sbin/ods-signerd -d
>
> [Install]
> WantedBy=multi-user.target
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20161222/9c94c8c1/attachment.bin>
More information about the Opendnssec-user
mailing list