Hi, > Just add the capability to the service unit file.
Sure, I can do that. My doubts are not about how to do it, but whether it is a good idea. CAP_SYS_ADMIN is a rather huge pile of capabilities, and certainly there is a reason userdbd runs with a very constrained set now? -nik
