From 9b6b1520f273d46b3f8d229ee1be28a68e93bc15 Mon Sep 17 00:00:00 2001
From: Christian Hesse
Date: Tue, 10 Oct 2017 15:17:41 +0200
Subject: start systemd service with dynamic user

This requires systemd v235 and dhcpd built with '--enable-paranoia'.
---
 systemd/dyndhcpd@.service | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'systemd/dyndhcpd@.service')

diff --git a/systemd/dyndhcpd@.service b/systemd/dyndhcpd@.service
index 8aceeb1..25c93cd 100644
--- a/systemd/dyndhcpd@.service
+++ b/systemd/dyndhcpd@.service
@@ -5,7 +5,11 @@ Requires=sys-subsystem-net-devices-%i.device
 After=sys-subsystem-net-devices-%i.device
 
 [Service]
-ExecStart=/usr/bin/dyndhcpd -i%i
+ExecStart=!/usr/bin/dyndhcpd --interface %i --user %p-%i --pidfile /run/%p@%i/dhcpd.pid --leases /var/lib/%p@%i/dhcp.leases --write-config /run/%p@%i/dhcpd.conf
+RuntimeDirectory=%p@%i
+StateDirectory=%p@%i
+User=%p-%i
+DynamicUser=on
 ProtectSystem=full
 ProtectHome=on
 PrivateDevices=on
-- 
cgit v1.2.3-70-g09d2
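Review bot: With the `!` prefix on `ExecStart=` systemd no longer applies `User=` itself, so dyndhcpd starts as root and the switch to `%p-%i` happens only if dhcpd honours `--user`; nothing in the unit limits what the process can do if that drop does not take place. Since the commit message already names the dependency on `--enable-paranoia`, I would bound the root phase too, for example `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETUID CAP_SETGID`, with the exact set tested against what dyndhcpd does before dropping privileges (writing the config, pidfile and leases into directories owned by the dynamic user may need more). A comment above `ExecStart=` such as `# '!' keeps root for socket setup; dhcpd itself drops to the dynamic user via --user` would explain why the prefix is there. Separately, `User=%p-%i` builds the account name from the instance string, so an interface name containing characters systemd rejects in user names (a VLAN name with a dot, for instance) will probably keep the instance from starting; that limit is worth documenting.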