unit systemd con utente dinamico: - no adduser/altre conf - utente con pochi permessi - accesso consentito al gruppo adm
[Unit]
Description=In-memory logging
[Service]
DynamicUser=true
Group=adm
RuntimeDirectory=circolog
# this is important: circologd will respect umask, so if you want to have files that are not world-readable, you must set it
RuntimeDirectoryMode=0750
UMask=0026
ProtectSystem=full
ExecStart=/usr/local/sbin/circologd -syslogd-socket /run/circolog/syslog.sock -buffer-size 2000 -query-socket /run/circolog/query.sock
# security restrictions; useful, but not needed
PrivateTmp=true
PrivateNetwork=true
NoNewPrivileges=true
Restrictnamespaces=true
#optional: watchdog
WatchdogSec=30
[Install]
WantedBy=multi-user.target