mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-25 11:01:09 +00:00
4437e81e04
If doing PAM authentication, we can setuid to the target user and then pam_unix will use unix_chkpwd on our behalf. Problems with this working in the lab was resolved by a yum reinstall pam, so it was presumably due to messed up setcap or similar experiments.
28 lines
623 B
Desktop File
28 lines
623 B
Desktop File
# IBM(c) 2015 Apache 2.0
|
|
# Lenovo(c) 2020 Apache 2.0
|
|
[Unit]
|
|
Description=Confluent hardware manager
|
|
|
|
[Service]
|
|
Type=forking
|
|
#PIDFile=/var/run/confluent/pid
|
|
RuntimeDirectory=confluent
|
|
StateDirectory=confluent
|
|
CacheDirectory=confluent
|
|
LogsDirectory=confluent
|
|
ConfigurationDirectory=confluent
|
|
ExecStart=/opt/confluent/bin/confluent
|
|
ExecStop=/opt/confluent/bin/confetty shutdown /
|
|
Restart=on-failure
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_CHOWN
|
|
User=confluent
|
|
Group=confluent
|
|
DevicePolicy=closed
|
|
PrivateDevices=true
|
|
ProtectControlGroups=true
|
|
ProtectSystem=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|