Securing via systemd, a story
Last night I deployed a https://writefreely.org based blog and secured it with
systemd by adding DynamicUser=yes
. But the service itself could not write to
the sqlite database.
Feb 28 21:37:52 kushaldas.se writefreely[1652088]: ERROR: 2024/02/28 21:37:52 database.go:3000: Couldn't insert into posts: attempt to write a readonly database
Today morning I realized that the settings blocked writing to all paths except
few temporary ones. I had to add a StateDirectory
and used the same in
WorkingDirectory
so that the service works correctly.