Am 16.07.2016 um 07:55 schrieb Admin Beckspaced:
Am 15.07.2016 um 14:09 schrieb Admin Beckspaced:scroll upRestart=always RestartSec=1your handmade units belonging below /etc/systemd/system/thanks again ... but my question was if i could use the makefiles in the /systemd folder to create a systemd service unit specific to my OS? or do i need to create them myself?why would somone need make files to write a systemd-unit? a simplified one takes 5 lines and that's it and for the hardening options we use a makefile won't help anyways since they differ - lmtpd needs access to /var/spool, the other services don'tthanks for your reply ... i was just wondering why there were any makefiles in the /systemd folder and if / how i should use them ;) glad that you answered my question ... would you mind sharing your systemd unit files for dbmail imap pop3 and lmtp? so i could have a look and adjust to my system need?
i already postet the impad-unit while the others are identical expect lmtpd needs access to /var/spool . anyways, attached
[Unit] Description=DBMail SIEVE Server After=network.service systemd-networkd.service network-online.target mysqld.service mysqld-dbmail.service [Service] Type=simple ExecStart=/usr/sbin/dbmail-timsieved -D Environment="LANG=en_GB.UTF-8" Restart=always RestartSec=1 TimeoutStopSec=5 LimitNOFILE=50000 PrivateTmp=yes PrivateDevices=yes CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_IPX AF_NETLINK AF_PACKET AF_X25 SystemCallArchitectures=x86-64 SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice ReadOnlyDirectories=/ ReadWriteDirectories=-/run ReadWriteDirectories=-/tmp ReadWriteDirectories=-/var/tmp ReadWriteDirectories=-/var/log InaccessibleDirectories=-/boot InaccessibleDirectories=-/home InaccessibleDirectories=-/media InaccessibleDirectories=-/root InaccessibleDirectories=-/etc/dbus-1 InaccessibleDirectories=-/etc/ssh InaccessibleDirectories=-/run/console InaccessibleDirectories=-/run/dbus InaccessibleDirectories=-/run/lock InaccessibleDirectories=-/run/mount InaccessibleDirectories=-/run/systemd/generator InaccessibleDirectories=-/run/systemd/system InaccessibleDirectories=-/run/systemd/users InaccessibleDirectories=-/run/udev InaccessibleDirectories=-/run/user InaccessibleDirectories=-/usr/local/scripts InaccessibleDirectories=-/var/lib/dbus InaccessibleDirectories=-/var/lib/dnf InaccessibleDirectories=-/var/lib/rpm InaccessibleDirectories=-/var/lib/systemd InaccessibleDirectories=-/var/lib/yum InaccessibleDirectories=-/var/spool # ExecStart=/usr/bin/valgrind --tool=memcheck --leak-check=yes --log-file=/var/log/valgrind/timsieved.log /usr/sbin/dbmail-timsieved -D # ExecStart=/usr/bin/valgrind --tool=helgrind --log-file=/var/log/valgrind/timsieved.log /usr/sbin/dbmail-timsieved -D [Install] WantedBy=multi-user.target
[Unit] Description=DBMail POP3 Server After=network.service systemd-networkd.service network-online.target mysqld.service mysqld-dbmail.service Before=dovecot.service [Service] Type=simple ExecStart=/usr/sbin/dbmail-pop3d -D Environment="LANG=en_GB.UTF-8" Restart=always RestartSec=1 TimeoutStopSec=5 LimitNOFILE=50000 # TasksMax=2048 PrivateTmp=yes PrivateDevices=yes CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_IPX AF_NETLINK AF_PACKET AF_X25 SystemCallArchitectures=x86-64 SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice ReadOnlyDirectories=/ ReadWriteDirectories=-/run ReadWriteDirectories=-/tmp ReadWriteDirectories=-/var/tmp ReadWriteDirectories=-/var/log InaccessibleDirectories=-/boot InaccessibleDirectories=-/home InaccessibleDirectories=-/media InaccessibleDirectories=-/root InaccessibleDirectories=-/etc/dbus-1 InaccessibleDirectories=-/etc/ssh InaccessibleDirectories=-/run/console InaccessibleDirectories=-/run/dbus InaccessibleDirectories=-/run/lock InaccessibleDirectories=-/run/mount InaccessibleDirectories=-/run/systemd/generator InaccessibleDirectories=-/run/systemd/system InaccessibleDirectories=-/run/systemd/users InaccessibleDirectories=-/run/udev InaccessibleDirectories=-/run/user InaccessibleDirectories=-/usr/local/scripts InaccessibleDirectories=-/var/lib/dbus InaccessibleDirectories=-/var/lib/dnf InaccessibleDirectories=-/var/lib/rpm InaccessibleDirectories=-/var/lib/systemd InaccessibleDirectories=-/var/lib/yum InaccessibleDirectories=-/var/spool # ExecStart=/usr/bin/valgrind --tool=memcheck --leak-check=yes --log-file=/var/log/valgrind/pop3d.log /usr/sbin/dbmail-pop3d -D # ExecStart=/usr/bin/valgrind --tool=helgrind --log-file=/var/log/valgrind/pop3d.log /usr/sbin/dbmail-pop3d -D [Install] WantedBy=multi-user.target
[Unit] Description=DBMail LMTP Server After=network.service systemd-networkd.service network-online.target mysqld.service mysqld-dbmail.service [Service] Type=simple ExecStart=/usr/sbin/dbmail-lmtpd -D Environment="LANG=en_GB.UTF-8" Restart=always RestartSec=1 TimeoutStopSec=5 LimitNOFILE=50000 PrivateTmp=yes PrivateDevices=yes CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_PACKET AF_X25 SystemCallArchitectures=x86-64 SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice ReadOnlyDirectories=/ ReadWriteDirectories=-/run ReadWriteDirectories=-/tmp ReadWriteDirectories=-/var/tmp ReadWriteDirectories=-/var/log ReadWriteDirectories=-/var/spool/postfix ReadWriteDirectories=-/var/lib/postfix InaccessibleDirectories=-/boot InaccessibleDirectories=-/home InaccessibleDirectories=-/media InaccessibleDirectories=-/root InaccessibleDirectories=-/etc/dbus-1 InaccessibleDirectories=-/etc/ssh InaccessibleDirectories=-/run/console InaccessibleDirectories=-/run/dbus InaccessibleDirectories=-/run/lock InaccessibleDirectories=-/run/mount InaccessibleDirectories=-/run/systemd/generator InaccessibleDirectories=-/run/systemd/system InaccessibleDirectories=-/run/systemd/users InaccessibleDirectories=-/run/udev InaccessibleDirectories=-/run/user InaccessibleDirectories=-/usr/local/scripts InaccessibleDirectories=-/var/lib/dbus InaccessibleDirectories=-/var/lib/dnf InaccessibleDirectories=-/var/lib/rpm InaccessibleDirectories=-/var/lib/systemd InaccessibleDirectories=-/var/lib/yum # ExecStart=/usr/bin/valgrind --tool=memcheck --leak-check=yes --log-file=/var/log/valgrind/lmtpd.log /usr/sbin/dbmail-lmtpd -D # ExecStart=/usr/bin/valgrind --tool=helgrind --log-file=/var/log/valgrind/lmtpd.log /usr/sbin/dbmail-lmtpd -D [Install] WantedBy=multi-user.target
[Unit] Description=DBMail IMAP Server After=network.service systemd-networkd.service network-online.target mysqld.service mysqld-dbmail.service Before=dovecot.service [Service] Type=simple ExecStart=/usr/sbin/dbmail-imapd -D Environment="LANG=en_GB.UTF-8" Restart=always RestartSec=1 StartLimitBurst=100 TimeoutStopSec=5 LimitNOFILE=50000 # TasksMax=2048 PrivateTmp=yes PrivateDevices=yes CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_IPX AF_NETLINK AF_PACKET AF_X25 SystemCallArchitectures=x86-64 SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice ReadOnlyDirectories=/ ReadWriteDirectories=-/run ReadWriteDirectories=-/tmp ReadWriteDirectories=-/var/tmp ReadWriteDirectories=-/var/log InaccessibleDirectories=-/boot InaccessibleDirectories=-/home InaccessibleDirectories=-/media InaccessibleDirectories=-/root InaccessibleDirectories=-/etc/dbus-1 InaccessibleDirectories=-/etc/ssh InaccessibleDirectories=-/run/console InaccessibleDirectories=-/run/dbus InaccessibleDirectories=-/run/lock InaccessibleDirectories=-/run/mount InaccessibleDirectories=-/run/systemd/generator InaccessibleDirectories=-/run/systemd/system InaccessibleDirectories=-/run/systemd/users InaccessibleDirectories=-/run/udev InaccessibleDirectories=-/run/user InaccessibleDirectories=-/usr/local/scripts InaccessibleDirectories=-/var/lib/dbus InaccessibleDirectories=-/var/lib/dnf InaccessibleDirectories=-/var/lib/rpm InaccessibleDirectories=-/var/lib/systemd InaccessibleDirectories=-/var/lib/yum InaccessibleDirectories=-/var/spool # ExecStart=/usr/bin/valgrind --tool=memcheck --leak-check=yes --log-file=/var/log/valgrind/imapd.log /usr/sbin/dbmail-imapd -D # ExecStart=/usr/bin/valgrind --tool=helgrind --log-file=/var/log/valgrind/imapd.log /usr/sbin/dbmail-imapd -D [Install] WantedBy=multi-user.target
signature.asc
Description: OpenPGP digital signature
_______________________________________________ DBmail mailing list DBmail@dbmail.org http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
