authorSeverin Glöckner2018-12-26 16:30:34 +0100
committerSeverin Glöckner2018-12-26 16:30:34 +0100
commite400d9a2ad501bd4764ec2162aeaf3ba8149d720 (patch)
tree188bacaf4e24867e339ee7643535653968efdfac /wesnothd-1.6.service
parent13fab7d93cb6604216e218464745bdd491eb1a00 (diff)
extend service file
Diffstat (limited to 'wesnothd-1.6.service')
-rw-r--r--wesnothd-1.6.service34
1 files changed, 26 insertions, 8 deletions
diff --git a/wesnothd-1.6.service b/wesnothd-1.6.service
index 31cb9b2577f7..0dd6a9fbf089 100644
--- a/wesnothd-1.6.service
+++ b/wesnothd-1.6.service
@@ -3,22 +3,40 @@ Description=Wesnoth-1.6 Server Daemon
Documentation=https://www.wesnoth.org/wiki/ServerAdministration
Documentation=man:wesnothd-1.6(6)
After=network.target
-# They use by default the same port
+# They use by default the same port. The -p option can be used to change it.
Conflicts=wesnothd.service wesnothd-1.0.servicewesnothd-1.2.service wesnothd-1.4.service wesnothd-1.8.service wesnothd-1.10.service wesnothd-1.12.service wesnothd-1.14.service wesnothd-devel.service wesnothd-git.service
[Service]
+# If wesnothd is started from within the game it runs under a different user.
+# Deleting the pipe resets owner, group and mode.
+ExecStopPre=/bin/rm -f /run/wesnothd-1.4/socket
+
ExecStart=/usr/bin/wesnothd-1.6 -t 2 -T 5
-# you can use -c to specify the same configuration file
-# which is used when starting wensothd from the wesnoth UI
-# (and make sure wesnothd has the required access permissions)
+# You can use -c to specify a same configuration file
+# (and make sure wesnothd has the required access permissions).
SyslogIdentifier=Wesnothd-1.6
User=nobody
-Group=nobody
-ExecStopPost=/usr/bin/rm -f /run/wesnothd-1.6/socket
+Group=users
+
+# Remove remaining administration pipe:
+ExecStopPost=/bin/rm -f /run/wesnothd-1.6/socket
-# Additional security-related features
-ProtectSystem=yes
+# Additional security-related features:
+ProtectSystem=strict
+ProtectHome=yes
+# When specifying with the -c option a file in the home directory,
+# set ProtectHome=read-only and whitelist the directory or file with
+# ReadWritePaths.
+ReadWritePaths=/run/wesnothd-1.6
+InaccessiblePaths=/usr/include
+InaccessiblePaths=/usr/src
+InaccessiblePaths=/boot
+InaccessiblePaths=/media
+InaccessiblePaths=/mnt
+InaccessiblePaths=/srv
+InaccessiblePaths=/opt
+InaccessiblePaths=/var
PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
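Review bot: `ExecStopPre=` is not a directive systemd knows, so the line added under `[Service]` is logged as an unknown key and ignored, and the stale pipe is never removed; it also names `/run/wesnothd-1.4/socket` in the 1.6 unit. Going by the comment above it, the intent looks like `ExecStartPre=/bin/rm -f /run/wesnothd-1.6/socket`, which also stays inside the one path that `ReadWritePaths=` leaves writable under `ProtectSystem=strict`. The new `InaccessiblePaths=` and `ReadWritePaths=` entries make namespace setup fail when a listed path does not exist, so optional directories such as `/media` or `/usr/src` are safer written with a leading `-` (for example `InaccessiblePaths=-/media`). `Group=users` in place of `Group=nobody` deserves a comment stating which socket mode it relies on, since it may give every member of `users` access to the administration pipe. The `Conflicts=` context line also appears to lack a space between `wesnothd-1.0.service` and `wesnothd-1.2.service`, though that may be an artefact of this page.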