webmap-download: Use a dedicated system group.HEAD master

It will be shared between _webmap-* system users, which will be handy to share lock files.
author: Guilhem Moulin <guilhem@fripost.org> 2024-09-20 03:58:11 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2024-09-20 03:58:38 +0200
commit: f2d133b81d98eb84acabef11b0bd919a98d5d13d (patch)
tree: 673bc6d8c13ee57a084f8addf4865c7305c0de5a /files/etc/systemd
parent: 886afa0f9a261c239eaad0744878f63db7ee2d68 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/files/etc/systemd/system/webmap-download@.service b/files/etc/systemd/system/webmap-download@.service
index a928a13..c0e826f 100644
--- a/files/etc/systemd/system/webmap-download@.service
+++ b/files/etc/systemd/system/webmap-download@.service
@@ -8,7 +8,7 @@ Upholds=webmap-update@%i.target
 
 [Service]
 User=_webmap-download
-Group=nogroup
+Group=_webmap
 
 Nice=15
 IOSchedulingClass=idle
@@ -21,6 +21,9 @@ ExecStart=/usr/local/bin/webmap-download \
     --quiet \
     -- %I
 
+RuntimeDirectory=webmap-download
+RuntimeDirectoryPreserve=yes
+
 # Hardening
 NoNewPrivileges=yes
 ProtectHome=yes
@@ -31,8 +34,6 @@ ProtectKernelModules=yes
 ProtectKernelTunables=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 ReadWritePaths=/var/cache/webmap
-RuntimeDirectory=webmap-download
-RuntimeDirectoryPreserve=yes
 
 [Install]
 WantedBy=webmap-update@%i.target
author	Guilhem Moulin <guilhem@fripost.org>	2024-09-20 03:58:11 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2024-09-20 03:58:38 +0200
commit	f2d133b81d98eb84acabef11b0bd919a98d5d13d (patch)
tree	673bc6d8c13ee57a084f8addf4865c7305c0de5a /files/etc/systemd
parent	886afa0f9a261c239eaad0744878f63db7ee2d68 (diff)