# It is not recommended to modify this file in-place, because it will# be overwritten during package upgrades. If you want to add further# options or overwrite existing ones then use# $ systemctl edit bitcoind.service# See "man systemd.service" for details.# Note that almost all daemon options could be specified in# /etc/bitcoin/bitcoin.conf, but keep in mind those explicitly# specified as arguments in ExecStart= will override those in the# config file.[Unit]Description=Bitcoin daemonAfter=network.target[Service]ExecStart=/usr/bin/bitcoind -daemon \ -pid=/run/bitcoind/bitcoind.pid \ -conf=/etc/bitcoin/bitcoin.conf \ -datadir=/var/lib/bitcoind# Make sure the config directory is readable by the service userPermissionsStartOnly=trueExecStartPre=/bin/chgrp bitcoin /etc/bitcoin# Process management####################Type=forkingPIDFile=/run/bitcoind/bitcoind.pidRestart=on-failureTimeoutStopSec=600# Directory creation and permissions##################################### Run as bitcoin:bitcoinUser=bitcoinGroup=bitcoin# /run/bitcoindRuntimeDirectory=bitcoindRuntimeDirectoryMode=0710# /etc/bitcoinConfigurationDirectory=bitcoinConfigurationDirectoryMode=0710# /var/lib/bitcoindStateDirectory=bitcoindStateDirectoryMode=0710# Hardening measures##################### Provide a private /tmp and /var/tmp.PrivateTmp=true# Mount /usr, /boot/ and /etc read-only for the process.ProtectSystem=full# Deny access to /home, /root and /run/userProtectHome=true# Disallow the process and all of its children to gain# new privileges through execve().NoNewPrivileges=true# Use a new /dev namespace only populated with API pseudo devices# such as /dev/null, /dev/zero and /dev/random.PrivateDevices=true# Deny the creation of writable and executable memory mappings.MemoryDenyWriteExecute=true[Install]WantedBy=multi-user.target