'Twas brillig, and Lennart Poettering at 05/05/14 16:27 did gyre and gimble:
>> > ExecStart=/usr/sbin/icinga2 -c ${ICINGA2_CONFIG_FILE} -d -e
>> > ${ICINGA2_ERROR_LOG} -u ${ICINGA2_USER} -g ${ICINGA2_GROUP}
> I'd recommend teaching the daemon to find its own config file when none
> is specified and read the rest of the parameters from there...

Apologies if I've missed a small detail, but I don't think you talk about needing raised privileges much in this thread...

I see you have -u and -g arguments to icinga2. This means systemd will start it as root and it's up to icinga2 to drop privs.

Unless you need to keep this priv for the lifetime of the process (i.e. the main daemon runs as root and only child processes are actually run under the less privileged user), then you may be better using User= and Group= directives in the systemd unit. This way you allow systemd to totally isolate your daemon to only that user.

You can use e.g. tmpfiles to set up needed directories in /run (and in fact newer systemds can do some directory permission/creating internally just from the unit contents too).

If this doesn't apply feel free to ignore :)

Col

--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
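
The User=/Group= approach suggested in the message above, shown beside the quoted ExecStart line, as an added example that is not part of the original post or the icinga2 project's unit file. The account name icinga, the /run/icinga2 directory and the assumption that icinga2 starts correctly without -u/-g are illustrative, not taken from the thread.

```ini
# Before (as quoted in the thread): systemd starts the process as root and
# icinga2 is trusted to drop privileges itself via -u/-g.
#
# [Service]
# ExecStart=/usr/sbin/icinga2 -c ${ICINGA2_CONFIG_FILE} -d -e ${ICINGA2_ERROR_LOG} -u ${ICINGA2_USER} -g ${ICINGA2_GROUP}

# After: systemd switches UID/GID before exec, so no icinga2 code runs as root.
# Only the directives relevant to privilege handling are shown; the rest of
# the unit stays as it was.
[Service]
# Assumed account names. User=/Group= take literal names: variables from
# Environment=/EnvironmentFile= are expanded only in Exec* command lines,
# so ${ICINGA2_USER} cannot be used here.
User=icinga
Group=icinga

# Created under /run at start, owned by User=/Group=, removed at stop.
# This is the in-unit directory handling available in newer systemd.
RuntimeDirectory=icinga2
RuntimeDirectoryMode=0750

# -u/-g removed. The config file and the error log location must already be
# readable/writable by the unprivileged account (assumption to verify).
ExecStart=/usr/sbin/icinga2 -c ${ICINGA2_CONFIG_FILE} -d -e ${ICINGA2_ERROR_LOG}

# Alternative for older systemd without RuntimeDirectory=: a tmpfiles.d
# entry, e.g. in /etc/tmpfiles.d/icinga2.conf (path and names assumed):
#   d /run/icinga2 0750 icinga icinga -
```

After a restart, `systemctl show -p User -p Group <unit>` and the owner shown by `ps` for the main PID confirm that the process never held root.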