Topic: bitcoind systemd service unit file (Read 129 times)

legendary
Activity: 1568
Merit: 6660
April 22, 2021, 05:32:39 AM
#5
All those lines where you noted whether it needs to be changed are system folders for bitcoind's configuration, logging, and the folder where it puts its PID file (so you don't run duplicate bitcoind's by accident) so they need to be changed to other folders because the "bitcoin" user, and everybody but root for that matter, does not have permissions to access your home folder. There isn't even a bitcoin user automatically created.

Rather than mucking with the permissions of your home folder, which ends up with bad results as I've tried, you should just change the bitcoin user/group to whatever your own user and group are.

Then you need to change some of the entries to remove the system wide folders:

Code:
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin  < ------ You don't need this

...

User=bitcoin < -------- Change to your own user
Group=bitcoin < -------- Change to your own group

### You should probably remove all this since the paths
### can't be changed to outside /run, /etc and so on
# /run/bitcoind
RuntimeDirectory=bitcoind < -------- not sure if this also needs changes or not...???
RuntimeDirectoryMode=0710 < -------- not sure if this also needs changes or not...???

# /etc/bitcoin
ConfigurationDirectory=bitcoin < -------- not sure if this also needs changes or not...???
ConfigurationDirectoryMode=0710 < -------- not sure if this also needs changes or not...???

# /var/lib/bitcoind
StateDirectory=bitcoind < -------- not sure if this also needs changes or not...???
StateDirectoryMode=0710 < -------- not sure if this also needs changes or not...???
###


# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Deny access to /home, /root and /run/user
ProtectHome=true < ----- I would probably remove this since your bitcoind is in /home but leave the rest as is

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

The Hardening entries are security measures to reduce damage someone with a crazy-looking ZMQ message (think blocks and transactions from other peers) can do to your node.

I know this isn't relevant to your problem, but in an ideal case if you have different bitcoin core builds, each would be in a different folder directly under your home folder, each with the stuff that would've normally been under ~/.bitcoin be in their own folder, so for instance a bitcoin.conf file under ./etc, a bitcoind.pid file under ./run, your wallets, blocks and chainstate and stuff under ./var instead of it using the system wide paths.

Basically such a topology would look like this:

home/
    notatether/
        bitcoin-0.21/
            etc/
                bitcoin.conf
            bin/
                ...
            lib/
                ...
            run/
                bitcoind.pid
            var/   <-- Symlink this to your external disk using this kind of folder structure
                wallets/
                chainstate/
                blocks/
                debug.log
                ...
        bitcoin-0.20/
            ...

This allows you to have multiple systemd unit files to launch each of these different bitcoind folders.
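
The conflict described in post #5 (`ProtectHome=true` hides /home from a bitcoind that lives there), as an added example that is not part of any post in this thread: a Python check that reads a unit file and lists which configured paths each sandboxing directive would block. The sample unit, the user `alice` and all function names are constructed for illustration; the directive effects follow the comments in the unit file quoted above, plus systemd's `ProtectHome=read-only` value.

```python
import shlex

HOME = ("/home", "/root", "/run/user")
# (directive, enabling values, effect, directories), per the unit file's comments
RULES = [
    ("ProtectHome", {"true", "yes", "1", "on"}, "inaccessible", HOME),
    ("ProtectHome", {"read-only"}, "read-only", HOME),
    ("ProtectSystem", {"full"}, "read-only", ("/usr", "/boot", "/etc")),
]
WRITTEN = ("pid", "datadir")  # bitcoind options whose target the daemon writes

def parse_unit(text):
    """Return {key: [values]} for Key=Value lines, joining '\\' continuations."""
    settings, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):
            pending = line[:-1] + " "
        elif "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def configured_paths(svc):
    """Yield (path, is_written) for absolute paths in PIDFile= and ExecStart=."""
    yield from ((value, True) for value in svc.get("PIDFile", []))
    for tok in shlex.split(" ".join(svc.get("ExecStart", []))):
        # "-pid=/x" -> ("pid", "/x"); a bare "/usr/bin/bitcoind" -> ("", path)
        name, _, arg = tok.lstrip("-@+!:").rpartition("=")
        if arg.startswith("/"):
            yield arg, name in WRITTEN

def sandbox_conflicts(text):
    """Return sorted (directive, effect, path) for paths the sandbox blocks."""
    svc, found = parse_unit(text), set()
    for key, values, effect, roots in RULES:
        if svc.get(key, [""])[-1].lower() not in values:
            continue  # directive absent or set to a value that is not modelled
        for path, written in configured_paths(svc):
            hit = any(path == r or path.startswith(r + "/") for r in roots)
            # read-only mounts only break paths the daemon has to write to
            if hit and (effect == "inaccessible" or written):
                found.add((key, effect, path))
    return sorted(found)

# Constructed sample modelled on the thread's layout; user "alice" is made up.
SAMPLE_UNIT = """[Service]
ExecStart=/home/alice/bitcoin-0.21.0/bin/bitcoind -pid=/home/alice/.bitcoin/bitcoind.pid
ProtectSystem=full
ProtectHome=true
"""
```

`sandbox_conflicts(SAMPLE_UNIT)` reports both the binary and the PID file as inaccessible under `ProtectHome=true`, while `ProtectSystem=full` produces no finding. With `ProtectHome=read-only` only the PID file remains, which is the path a `ReadWritePaths=` entry would need to cover.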
hero member
Activity: 1274
Merit: 681
April 21, 2021, 04:42:19 PM
#4
Here's a link to the standard bitcoind.system file included with the source code:
https://github.com/bitcoin/bitcoin/blob/master/contrib/init/bitcoind.service

If you want to use it as-is you'll have to create a system user named "bitcoin."  Also note the directories and their permissions:

Code:
# Directory creation and permissions
####################################

# Run as bitcoin:bitcoin
User=bitcoin
Group=bitcoin

# /run/bitcoind
RuntimeDirectory=bitcoind
RuntimeDirectoryMode=0710

# /etc/bitcoin
ConfigurationDirectory=bitcoin
ConfigurationDirectoryMode=0710

# /var/lib/bitcoind
StateDirectory=bitcoind
StateDirectoryMode=0710

To install bitcoin core to the specified directory use this code:
Code:
sudo install -m 0755 -o root -g root -t /usr/bin bitcoin-0.21.0/bin/*

You'll have to create two directories (/etc/bitcoind and /var/lib/bitcoind) and set the ownership/group to bitcoin:bitcoin and permissions to -rwx--x--- (chmod 710.)  Bitcoin core will create the runtime directory as needed.

You can now copy your bitcoin.conf file to /etc/bitcoind and set ownership/permission the same as the directory.  You should be able to use systemctl to enable and start bitcoind now, but of course it'll start downloading the blockchain from the start.  If you change your symlink and use the same directory on the USB drive, you'll need to start bitcoind manually the first time with -reindex.

I find this is the most reliable way to run bitcoind with systemd.


I don't want any of that.
I explicitly mentioned what my situation was. It is what it is and I had to adapt!
I don't have bitcoin core installed, I don't have a bitcoin user in my system, I don't know what that sudo install -m .... command is and I don't need it because, as I also mentioned, I didn't install bitcoin core.

I didn't create and nobody needs to create those directories. If you run bitcoind right after you install it, you don't need those. So, why one would need, to use a unit file?

I think it is running bitcoind quite reliably, but I'll see how it goes in the next days.

But I needed help before I got this working. Now, it's a bit late. :p
Thanks to someone in IRC channel, I got it working the way I wanted!
copper member
Activity: 2338
Merit: 4543
April 21, 2021, 04:32:47 PM
#3
Here's a link to the standard bitcoind.system file included with the source code:
https://github.com/bitcoin/bitcoin/blob/master/contrib/init/bitcoind.service

If you want to use it as-is you'll have to create a system user named "bitcoin."  Also note the directories and their permissions:

Code:
# Directory creation and permissions
####################################

# Run as bitcoin:bitcoin
User=bitcoin
Group=bitcoin

# /run/bitcoind
RuntimeDirectory=bitcoind
RuntimeDirectoryMode=0710

# /etc/bitcoin
ConfigurationDirectory=bitcoin
ConfigurationDirectoryMode=0710

# /var/lib/bitcoind
StateDirectory=bitcoind
StateDirectoryMode=0710

To install bitcoin core to the specified directory use this code:
Code:
sudo install -m 0755 -o root -g root -t /usr/bin bitcoin-0.21.0/bin/*

You'll have to create two directories (/etc/bitcoin and /var/lib/bitcoind) and set the ownership/group to bitcoin:bitcoin and permissions to -rwx--x--- (chmod 710.)  Bitcoin core will create the runtime directory as needed.

You can now copy your bitcoin.conf file to /etc/bitcoin and set ownership/permission the same as the directory.  You should be able to use systemctl to enable and start bitcoind now, but of course it'll start downloading the blockchain from the start.  If you change your symlink and use the same directory on the USB drive, you'll need to start bitcoind manually the first time with -reindex.

I find this is the most reliable way to run bitcoind with systemd.
hero member
Activity: 1274
Merit: 681
April 21, 2021, 03:29:10 PM
#2
Finally I think I have my unit file running. Here it is, in case someone has similar issues.

This is only needed because I didn't install bitcoin core in my system. Rather I ran only:
Code:
./configure && make

So, some of the options needed to be changed. I also omitted some options because either they didn't work or I didn't know if I should/could have them in my particular case (bitcoin core not installed with sudo make install).
Another particular situation of mine is that I'm running bitcoin as my own user. I didn't create a user specific for running bitcoind as it is running on a dedicated SBC.

Code:
[Unit]
Description=Bitcoin daemon
Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md

After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/home/darkv0rt3x/Downloads/bitcoin-0.21.0/bin/bitcoind \
-pid=/home/darkv0rt3x/.bitcoin/bitcoin.pid \
-conf=/home/darkv0rt3x/.bitcoin/bitcoin.conf

# Make sure the config directory is readable by the service user
PermissionsStartOnly=true
ExecStartPre=/bin/chgrp darkv0rt3x /home/darkv0rt3x/Downloads/bitcoin-0.21.0/bin

# Process Management
####################

Type=simple
PIDFile=/home/darkv0rt3x/.bitcoin/bitcoin.pid
Restart=on-failure
TimeoutStartSec=infinity
TimeoutStopSec=600

# Directory creation and permissions
####################################

User=darkv0rt3x
Group=darkv0rt3x

# Mount /usr, /boot and /etc as read-only for the process
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve()
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random
PrivateDevices=true

# Deny the creation of writable and executable memory mappings
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target

For instance, the option Type doesn't work for me if I use the value forking. Therefore, I used simple.
hero member
Activity: 1274
Merit: 681
April 17, 2021, 06:30:31 PM
#1
Hello,

I need some help because I don't fully understand all options being used in the unit service file of bitcoin core daemon taken from here:
https://github.com/bitcoin/bitcoin/blob/master/contrib/init/bitcoind.service

I have bitcoin core daemon running on a RockPro64 board. I have compiled but I have not installed the daemon (I didn't run the `make install` command).

The directory structure is like this:
Code:
~/.bitcoind

All resides in this directory but the ./blocks folder which is in an external USB drive. This directory is pointed to by a symlink inside ~/.bitcoind like this:
Code:
lrwxrwxrwx 1 darkv0rt3x darkv0rt3x 24 Apr  4 00:58 .bitcoin/blocks -> /media/WdElements/blocks

I think some of the lines inside the unit file need to be adapted to this folder structure, right?

So, this is my current unit file:
Code:
# It is not recommended to modify this file in-place, because it will
# be overwritten during package upgrades. If you want to add further
# options or overwrite existing ones then use
# $ systemctl edit bitcoind.service
# See "man systemd.service" for details.

# Note that almost all daemon options could be specified in
# /etc/bitcoin/bitcoin.conf, but keep in mind those explicitly
# specified as arguments in ExecStart= will override those in the
# config file.

[Unit]
Description=Bitcoin daemon
Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md

# https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/home/darkv0rt3x/Downloads/bitcoin-0.21.0/bin/bitcoind -daemonwait \
                            -pid=/home/darkv0rt3x/.bitcoin/bitcoind.pid \
                            -conf=/home/darkv0rt3x/Downloads/bitcoin-0.21.0/bitcoin.conf \
                            -datadir=/home/darkv0rt3x/.bitcoin

# Make sure the config directory is readable by the service user
PermissionsStartOnly=true
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin  < ------ I'm not sure about this line. Need change or not?

# Process management
####################

Type=forking
PIDFile=/home/darkv0rt3x/.bitcoin/bitcoind.pid
Restart=on-failure
TimeoutStartSec=infinity
TimeoutStopSec=600

# Directory creation and permissions
####################################

# Run as bitcoin:bitcoin
User=bitcoin < -------- not sure if this also needs changes or not...???
Group=bitcoin < -------- not sure if this also needs changes or not...???

# /run/bitcoind
RuntimeDirectory=bitcoind < -------- not sure if this also needs changes or not...???
RuntimeDirectoryMode=0710 < -------- not sure if this also needs changes or not...???

# /etc/bitcoin
ConfigurationDirectory=bitcoin < -------- not sure if this also needs changes or not...???
ConfigurationDirectoryMode=0710 < -------- not sure if this also needs changes or not...???

# /var/lib/bitcoind
StateDirectory=bitcoind < -------- not sure if this also needs changes or not...???
StateDirectoryMode=0710 < -------- not sure if this also needs changes or not...???

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true < ----- Do I need this?

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full < ----- Do we need this?

# Deny access to /home, /root and /run/user
ProtectHome=true < ----- Do we need this?

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true < ----- Do we need this?

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true < ----- Do we need this?

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true < ----- Do we need this?

[Install]
WantedBy=multi-user.target

Thanks for helping
dark