From f2d133b81d98eb84acabef11b0bd919a98d5d13d Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 20 Sep 2024 03:58:11 +0200 Subject: webmap-download: Use a dedicated system group. It will be shared between _webmap-* system users, which will be handy to share lock files. --- files/etc/systemd/system/webmap-download@.service | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'files/etc/systemd/system') diff --git a/files/etc/systemd/system/webmap-download@.service b/files/etc/systemd/system/webmap-download@.service index a928a13..c0e826f 100644 --- a/files/etc/systemd/system/webmap-download@.service +++ b/files/etc/systemd/system/webmap-download@.service @@ -8,7 +8,7 @@ Upholds=webmap-update@%i.target [Service] User=_webmap-download -Group=nogroup +Group=_webmap Nice=15 IOSchedulingClass=idle @@ -21,6 +21,9 @@ ExecStart=/usr/local/bin/webmap-download \ --quiet \ -- %I +RuntimeDirectory=webmap-download +RuntimeDirectoryPreserve=yes + # Hardening NoNewPrivileges=yes ProtectHome=yes @@ -31,8 +34,6 @@ ProtectKernelModules=yes ProtectKernelTunables=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 ReadWritePaths=/var/cache/webmap -RuntimeDirectory=webmap-download -RuntimeDirectoryPreserve=yes [Install] WantedBy=webmap-update@%i.target -- cgit v1.2.3