Don't let systemd hide /home and /tmp

Admins might expect ejabberd to be able to access data below /home or
/tmp.  For example, they might use those locations to dump/restore
Mnesia backups, or as a document root for mod_http_fileserver or
mod_http_upload.

Fixes #1297.

diff --git a/ejabberd.service.template b/ejabberd.service.template
index 49ba14737caa0ed4e597291fa2a9c7ca060bd809..fdb8fd0b717b001a62bb4c99e1bdd0d550a2d0ad 100644 (file)
--- a/ejabberd.service.template
+++ b/ejabberd.service.template
@@ -14,9 +14,7 @@ Type=oneshot
 RemainAfterExit=yes
 # The CAP_DAC_OVERRIDE capability is required for pam authentication to work
 CapabilityBoundingSet=CAP_DAC_OVERRIDE
-PrivateTmp=true
 PrivateDevices=true
-ProtectHome=true
 ProtectSystem=full
 NoNewPrivileges=true