On Wednesday, 21 February 2018 06:31:23 GMT Jonathan de Boyne Pollard wrote: > st...@goodey.org: > > [Service] > > > > Type=forking > > Your program has an -f option to stop it from vainly trying to > re-daemonize itself. Use it; and do not use Type=forking in the first > place. > > * > http://jdebp.eu./FGA/unix-daemon-design-mistakes-to-avoid.html#DoNotBackgrou > ndise > > The supplied systemd service unit that comes packaged by Ubuntu/Debian > does this. You can ignore its use of -s 1 , as systemd will log the > program's standard output and -s 0 will do quite well. > > * > https://sources.debian.org/src/lcdproc/0.5.9-2/debian/lcdproc.LCDd.service/ > > st...@goodey.org: > > [server] > > > > User=nobody > > Also, do not abuse nobody for dæmons. Use a dedicated unprivileged user > account, such as (for example) lcdproc. Name the unprivileged user > account in the service unit in a User= setting, and using filesystem > ACLs or otherwise grant it nothing except the permission to open > /dev/ttyUSB0 for writing and to open the configuration file for reading. > > * http://jdebp.eu./FGA/dont-abuse-nobody-for-daemons.html > > Currently, you are running your program as the superuser with a > configuration file owned by an unprivileged user. This is a backdoor > into your system, as anyone who compromises that unprivileged user > account (which is the one that you run your WWW browser as, and that you > use to run software build systems and other programs downloaded from > other people that you do not know, ne?) can rewrite the configuration > file and thereby persuade a superuser-privileged process to open an > arbitrary file and write stuff (which it does before it attempts to > detect whether it is running as the superuser). > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Thanks very much Jonathan for your help and in looking through the conf files and pointing out my mistakes. I have altered them as per your instructions and all is now running fine. Thanks to all who replied and my apologies if my little problem has cluttered up your list :-) Regards, Steve Goodey Colchester, England mailto://st...@goodey.org Registered Linux User #372670 http://counter.li.org Hello to Jason Isaacs
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel