A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
#!/bin/bash | |
#=============================================================================== | |
# This is a template for a script I use on a lot of sites to copy the database | |
# (MySQL) and any uploaded files to the development site, and modify the | |
# database as required. | |
# | |
# The script should be on the development server. The live site can either be on | |
# the same server, or a remote server connected via SSH. | |
# |
#!/usr/bin/env sh | |
set -e # fail on unhandled error | |
set -u # fail on undefined variable | |
#set -x # debug | |
alias command_exists="type >/dev/null 2>&1" | |
if command_exists curl; then |