[Opendnssec-user] Dropping exec perms -- running daemons as == ods USER/GROUP, !root ?

Yuri Schaeffer yuri at nlnetlabs.nl
Thu Dec 22 14:45:15 UTC 2016


> sure. with the caveats that they're trivial, work in my ENV with systemd 228, & are as yet untested in a production setup,

Tx.

> 	[Unit]
> 	Description=OpenDNSSEC v2 Signer daemon
> 	After=syslog.target network-online.target
> 
> 	[Service]
> 	Type=forking
> 	PIDFile=/var/run/opendnssec/signerd.pid
> 	ExecStart=/bin/sh -c '/usr/local/opendnssec/sbin/ods-signerd -d &'
> 
> 	[Install]
> 	WantedBy=multi-user.target

I suggest this change though. (entire Service section)

> 	[Unit]
> 	Description=OpenDNSSEC v2 Signer daemon
> 	After=syslog.target network-online.target
>
> 	[Service]
> 	Type=simple
>	ExecStart=/usr/local/opendnssec/sbin/ods-signerd -d
>
> 	[Install]
> 	WantedBy=multi-user.target

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20161222/9c94c8c1/attachment.bin>


More information about the Opendnssec-user mailing list