mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-24 16:23:40 +01:00
f56840a682
Admins might expect ejabberd to be able to access data below /home or /tmp. For example, they might use those locations to dump/restore Mnesia backups, or as a document root for mod_http_fileserver or mod_http_upload. Fixes #1297.
23 lines
509 B
Plaintext
23 lines
509 B
Plaintext
[Unit]
|
|
Description=XMPP Server
|
|
After=network.target
|
|
|
|
[Service]
|
|
User=ejabberd
|
|
Group=ejabberd
|
|
LimitNOFILE=16000
|
|
RestartSec=5
|
|
ExecStart=@ctlscriptpath@/ejabberdctl start
|
|
ExecStop=@ctlscriptpath@/ejabberdctl stop
|
|
ExecReload=@ctlscriptpath@/ejabberdctl reload_config
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
# The CAP_DAC_OVERRIDE capability is required for pam authentication to work
|
|
CapabilityBoundingSet=CAP_DAC_OVERRIDE
|
|
PrivateDevices=true
|
|
ProtectSystem=full
|
|
NoNewPrivileges=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|