diff options
author | Mantas Mikulėnas | 2021-04-22 17:28:11 +0300 |
---|---|---|
committer | Mantas Mikulėnas | 2021-04-22 17:28:11 +0300 |
commit | 61a5bd4384c7e16ecd79fd515d99e9f13f87745d (patch) | |
tree | f3b57be368212678ff202a71c206f48802aa1463 /lmgrd.service | |
parent | 97950f150fe39986ca18a454319c1d0cb731e889 (diff) | |
download | aur-61a5bd4384c7e16ecd79fd515d99e9f13f87745d.tar.gz |
restrict lmgrd privileges
Though I still haven't tested it, as I only maintain this package
because I'm using the client-side tools (lmstat).
Diffstat (limited to 'lmgrd.service')
-rw-r--r-- | lmgrd.service | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/lmgrd.service b/lmgrd.service index e3be68d2e39a..17770fcc60fb 100644 --- a/lmgrd.service +++ b/lmgrd.service @@ -1,9 +1,20 @@ [Unit] -Description=FLEXnet License Manager Daemon (from Autodesk) +Description=FLEXnet License Manager Daemon (lmgrd) +After=network.target [Service] +User=lmgrd +DynamicUser=true +Environment="LMGRD_ARGS=" +Environment="LMGRD_RESTRICT_ARGS=-local -2 -p -x lmdown -x lmremove" +EnvironmentFile=-/etc/sysconfig/lmgrd Type=forking -ExecStart=/usr/lib/flexnetserver/lmgrd +ExecStart=/usr/lib/flexnetserver/lmgrd $LMGRD_ARGS $LMGRD_RESTRICT_ARGS + +# -local Restrict lmdown/reread to local only +# -2 -p Restrict lmdown/reread/remove/switch[r]/newlog to root-only +# -x lmfoo Disable remote usage of lm<foo> command +# -z Run in foreground [Install] WantedBy=multi-user.target |