# It's not recommended to modify this unit file because your changes # would be overwritten during the package update. # # However, there are 2 methods how to customize this unit file: # # 1) Copy this unit file from /usr/lib/systemd/system to # /etc/systemd/system and modify the chosen settings. # # 2) Create a directory named mariadb.service.d/ within /etc/systemd/system # and place a drop-in file name.conf there that only changes the specific # settings one is interested in. # # see systemd.unit(5) for details # # Example - increasing of the TimeoutSec= limit # mkdir /etc/systemd/system/mariadb.service.d # cat > /etc/systemd/system/mariadb.service.d/timeout.conf << EOF # [Service] # TimeoutSec=600 # EOF [Unit] Description=MariaDB database server Documentation=man:mysqld(8) Documentation=https://mariadb.com/kb/en/library/systemd/ Conflicts=mariadb.target After=network.target time-sync.target [Install] WantedBy=multi-user.target Alias=mysql.service [Service] ExecStartPre=@LIBEXECDIR@/mysql/mysql-systemd-helper install ExecStartPre=@LIBEXECDIR@/mysql/mysql-systemd-helper upgrade ExecStart=@LIBEXECDIR@/mysql/mysql-systemd-helper start Type=notify User=mysql Group=mysql KillSignal=SIGTERM # Don't want to see an automated SIGKILL ever SendSIGKILL=no # Restart crashed server only, on-failure would also restart, for example, when # my.cnf contains unknown option Restart=on-abort RestartSec=5s # Configures the time to wait for start-up/stop TimeoutSec=300 # CAP_IPC_LOCK To allow memlock to be used as non-root user # CAP_DAC_OVERRIDE To allow auth_pam_tool (which is SUID root) to read /etc/shadow when it's chmod 0 # does nothing for non-root, not needed if /etc/shadow is u+r # CAP_AUDIT_WRITE auth_pam_tool needs it on Debian for whatever reason CapabilityBoundingSet=CAP_IPC_LOCK CAP_DAC_OVERRIDE CAP_AUDIT_WRITE # Prevent writes to /usr, /boot, and /etc ProtectSystem=full # Prevent accessing /home, /root and /run/user ProtectHome=true # added automatically, for details please see # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort PrivateDevices=true ProtectHostname=true ProtectClock=true ProtectKernelTunables=true ProtectKernelModules=true ProtectKernelLogs=true ProtectControlGroups=true RestrictRealtime=true # end of automatic additions # Execute pre and post scripts as root, otherwise it does it as User= PermissionsStartOnly=true UMask=007