On 10/2/21 4:21 am, Adrian Sevcenco wrote: > Hi! Does anyone have an idea how can i (in a nice way [1]) to ensure > ownership/permissions of log directory in /var/log for a unit > that drops privileges to a user (with User=/Group=) > > [1] The ugly way being with script in StartPre and sudo in Start > so i want to use User= > I'm aware of LogsDirectory= but is not available on EL7 > > Thanks a lot! > Adrian > If you know the username/group/directory beforehand, then you could use setfacl on the directory and permissions should trickle down to new directories/files. Not sure though what implications this has for SELinux. https://www.redhat.com/sysadmin/linux-access-control-lists