%PDF- %PDF-
Direktori : /usr/lib/systemd/system/ |
Current File : //usr/lib/systemd/system/accounts-daemon.service |
[Unit] Description=Accounts Service # In order to avoid races with identity-providing services like SSSD or # winbind, we need to ensure that Accounts Service starts after # nss-user-lookup.target After=nss-user-lookup.target Wants=nss-user-lookup.target [Service] Type=dbus BusName=org.freedesktop.Accounts ExecStart=/usr/libexec/accounts-daemon Environment=GVFS_DISABLE_FUSE=1 Environment=GIO_USE_VFS=local Environment=GVFS_REMOTE_VOLUME_MONITOR_IGNORE=1 StateDirectory=AccountsService StateDirectoryMode=0775 ProtectSystem=strict PrivateDevices=true ProtectKernelTunables=true ProtectKernelModules=true ProtectControlGroups=true # Write access is needed to create home directories: ProtectHome=false # Needed sometime for data shared like icons PrivateTmp=false PrivateNetwork=true # We need access to the canonical user database: PrivateUsers=false # For D-Bus: RestrictAddressFamilies=AF_UNIX SystemCallArchitectures=native SystemCallFilter=~@mount RestrictNamespaces=true LockPersonality=true MemoryDenyWriteExecute=true RestrictRealtime=true RemoveIPC=true # In addition to the below paths, # - /var/lib/AccountsService/users/ and # - /var/lib/AccountsService/icons/ # are read/written by the daemon. See StateDirectory= above. # # The paths in /etc are not directly modified by AccountsService, but by # usermod, which it spawns. # # The paths in /var/log and /var/mail are touched by useradd/userdel when adding # or deleting users. ReadWritePaths=\ -/etc/gdm3/custom.conf \ /etc/ \ -/var/log/lastlog \ -/var/log/tallylog \ -/var/mail/ ReadOnlyPaths=\ /usr/share/accountsservice/interfaces/ \ /usr/share/dbus-1/interfaces/ \ /var/log/wtmp \ /run/systemd/seats/ [Install] # We pull this in by graphical.target instead of waiting for the bus # activation, to speed things up a little: gdm uses this anyway so it is nice # if it is already around when gdm wants to use it and doesn't have to wait for # it. WantedBy=graphical.target