Is this a usable systemd startup script for bitcoind?

0

The script here in the official github repo

https://github.com/bitcoin/bitcoin/blob/0.13/contrib/init/bitcoind.service

looks like a systemd startup script to me. However, it's from 2014.

Can I put this into my /etc/systemd/system directory as a bitcoind.service startscript and enable it? Or do I have to configure something extra?

This is what the source code of the script looks like in Sept 2017:

[Unit]
Description=Bitcoin's distributed currency daemon
After=network.target

[Service]
User=bitcoin
Group=bitcoin

Type=forking
PIDFile=/var/lib/bitcoind/bitcoind.pid
ExecStart=/usr/bin/bitcoind -daemon -pid=/var/lib/bitcoind/bitcoind.pid \
-conf=/etc/bitcoin/bitcoin.conf -datadir=/var/lib/bitcoind -disablewallet

Restart=always
PrivateTmp=true
TimeoutStopSec=60s
TimeoutStartSec=2s
StartLimitInterval=120s
StartLimitBurst=5

[Install]
WantedBy=multi-user.target

The script mentions a config-file -conf=/etc/bitcoin/bitcoin.conf - but I'm on Ubuntu/Debian, and the bitcoind package does not create a /etc/bitcoin/bitcoin.conf file.

What should I put in there? Or should I leave it empty?

(I've already read this related question: Newbie question, bitcoind installation doubte )

Ahh there is already a pull request from June 2017 discussing various topics:

https://github.com/bitcoin/bitcoin/pull/10529/files

They propose, for instance, to rename /etc/bitcoin to /etc/bitcoind, for consistency reasons.

knb

Posted 2017-09-11T11:46:01.313

Reputation: 101

Answers

1

I haven't tested this particular systemd service file, but from my experience in Ubuntu, you need to create the directory structure beforehand and the user running bitcoind would need write permissions to /var/lib/bitcoind/. Otherwise the service will end with errors and will not run.

If you start bitcoind as user bitcoin, the daemon by default will look for and use /home/bitcoin/.bitcoin, which will inherently have write access. For simplicity, I suggest you point to the .conf created in this directory. I also suggest placing the pid file in this location.

I am not aware of any security vulnerabilities of using the user's home directory for -datadir and -pid, as those locations need to be write accessible to user bitcoin wherever you put them anyway; I'd actually like to see a discussion on this topic. Using the settings suggested in that systemd service file would mean you'd have to give user bitcoin write access inside a directory that is normally modifiable by root only.

Consequently, I suggest a slightly modified systemd service file:

[Unit]
Description=Bitcoin's distributed currency daemon
After=network.target

[Service]
User=bitcoin
Group=bitcoin

Type=forking
ExecStart=/usr/bin/bitcoind -daemon -pid=/home/bitcoin/.bitcoin/bitcoind.pid \
-conf=/home/bitcoin/.bitcoin/bitcoin.conf -datadir=/home/bitcoin/.bitcoin -disablewallet
PIDFile=/home/bitcoin/.bitcoin/bitcoind.pid

Restart=always
PrivateTmp=true
TimeoutStopSec=60s
TimeoutStartSec=2s
StartLimitInterval=120s
StartLimitBurst=5

[Install]
WantedBy=multi-user.target

Note that if you place PIDFile= before ExecStart= you will get a warning in the log, but the service will run anyway.

There is this current template https://github.com/bitcoin/bitcoin/blob/master/contrib/init/bitcoind.service, maybe you can take some security improvements from there as well. This template uses RuntimeDirectory=bitcoind to create /run/bitcoind owned by bitcoin (and places the pid file in there). It places bitcoin.conf probably in a read-only environment, and omits -datadir, which will in this case default to /home/bitcoin/.bitcoin.

user2066480

Posted 2017-09-11T11:46:01.313

Reputation: 115
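
The path and permission requirements raised in the answer above can be checked before the unit is enabled. The script below is an added example, not part of the original posts or of the Bitcoin Core repository; the function names and the script name preflight.sh are hypothetical, and it assumes it is run as the service account so that the write tests reflect that user's permissions.

```shell
#!/bin/sh
# Added example: pre-flight check for a bitcoind unit file.
# Run it as the service account, for instance
#   sudo -u bitcoin sh preflight.sh /etc/systemd/system/bitcoind.service
# preflight.sh, unit_opt and preflight are hypothetical names.

# Print the value of the first "-<name>=<value>" option in the unit file.
unit_opt() {
    grep -oE -e "-$2=[^[:space:]]+" "$1" | head -n 1 | cut -d= -f2-
}

# Report every problem found; the exit status is the number of problems.
preflight() (
    unit=$1 problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    pid_opt=$(unit_opt "$unit" pid)
    datadir=$(unit_opt "$unit" datadir)
    conf=$(unit_opt "$unit" conf)
    pid_file=$(sed -n 's/^PIDFile=//p' "$unit" | head -n 1)

    # Type=forking: bitcoind writes -pid=, systemd reads PIDFile=. Both must match.
    [ "$pid_opt" = "$pid_file" ] || fail "-pid=$pid_opt differs from PIDFile=$pid_file"

    # The pid file's directory must accept writes from the service user.
    [ -w "$(dirname "${pid_opt:-/nonexistent/x}")" ] || fail "cannot write pid file $pid_opt"

    # Without -datadir bitcoind falls back to ~/.bitcoin of the service user.
    datadir=${datadir:-$HOME/.bitcoin}
    if [ ! -d "$datadir" ] || [ ! -w "$datadir" ]; then
        fail "datadir $datadir is missing or not writable by $(id -un)"
    elif [ -n "$(find -H "$datadir" -prune -perm -0002)" ]; then
        fail "datadir $datadir is world-writable"
    fi

    # An explicit -conf= file must exist and be readable.
    [ -z "$conf" ] || [ -r "$conf" ] || fail "cannot read config $conf"

    exit "$problems"
)

if [ $# -gt 0 ]; then preflight "$1"; fi
```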