Server IP : 85.214.239.14 / Your IP : 3.12.154.21 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /lib/systemd/system/ |
Upload File : |
# It's not recommended to modify this file in-place, because it will be # overwritten during upgrades. If you want to customize, the best # way is to use the "systemctl edit" command to create an override unit. # # For example, to pass additional options, create an override unit # (as is done by systemctl edit) and enter the following: # # [Service] # Environment=OPTIONS="-l 127.0.0.1,::1" [Unit] Description=memcached daemon After=network.target Documentation=man:memcached(1) [Service] ExecStart=/usr/share/memcached/scripts/systemd-memcached-wrapper /etc/memcached.conf # Set up a new file system namespace and mounts private /tmp and /var/tmp # directories so this service cannot access the global directories and # other processes cannot access this service's directories. PrivateTmp=true # Mounts the /usr, /boot, and /etc directories read-only for processes # invoked by this unit. ProtectSystem=full # Ensures that the service process and all its children can never gain new # privileges NoNewPrivileges=true # Sets up a new /dev namespace for the executed processes and only adds API # pseudo devices such as /dev/null, /dev/zero or /dev/random (as well as # the pseudo TTY subsystem) to it, but no physical devices such as /dev/sda. PrivateDevices=true # Required for dropping privileges and running as a different user CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE # Restricts the set of socket address families accessible to the processes # of this unit. Protects against vulnerabilities such as CVE-2016-8655 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX # Attempts to create memory mappings that are writable and executable at # the same time, or to change existing memory mappings to become executable # are prohibited. MemoryDenyWriteExecute=true # Explicit module loading will be denied. This allows to turn off module # load and unload operations on modular kernels. It is recommended to turn # this on for most services that do not need special file systems or extra # kernel modules to work. ProtectKernelModules=true # Kernel variables accessible through /proc/sys, /sys, /proc/sysrq-trigger, # /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq # will be made read-only to all processes of the unit. Usually, tunable # kernel variables should only be written at boot-time, with the sysctl.d(5) # mechanism. Almost no services need to write to these at runtime; it is hence # recommended to turn this on for most services. ProtectKernelTunables=true # The Linux Control Groups (cgroups(7)) hierarchies accessible through # /sys/fs/cgroup will be made read-only to all processes of the unit. # Except for container managers no services should require write access # to the control groups hierarchies; it is hence recommended to turn this # on for most services ProtectControlGroups=true # Any attempts to enable realtime scheduling in a process of the unit are # refused. RestrictRealtime=true # Takes away the ability to create or manage any kind of namespace RestrictNamespaces=true PIDFile=/run/memcached/memcached.pid # try to restart if errors encountered Restart=always [Install] WantedBy=multi-user.target