GRAYBYTE | AutoShopMaker

Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

# It's not recommended to modify this file in-place, because it will be # overwritten during upgrades. If you want to customize, the best # way is to use the "systemctl edit" command to create an override unit. # # For example, to pass additional options, create an override unit # (as is done by systemctl edit) and enter the following: # # [Service] # Environment=OPTIONS="-l 127.0.0.1,::1" [Unit] Description=memcached daemon Before=httpd.service After=network.target [Service] EnvironmentFile=/etc/sysconfig/memcached ExecStart=/usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS # Set up a new file system namespace and mounts private /tmp and /var/tmp # directories so this service cannot access the global directories and # other processes cannot access this service's directories. PrivateTmp=true # Mounts the /usr, /boot, and /etc directories read-only for processes # invoked by this unit. ProtectSystem=full # Ensures that the service process and all its children can never gain new # privileges NoNewPrivileges=true # Sets up a new /dev namespace for the executed processes and only adds API # pseudo devices such as /dev/null, /dev/zero or /dev/random (as well as # the pseudo TTY subsystem) to it, but no physical devices such as /dev/sda. PrivateDevices=true # Required for dropping privileges and running as a different user CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE # Restricts the set of socket address families accessible to the processes # of this unit. Protects against vulnerabilities such as CVE-2016-8655 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX # Some security features are not in the older versions of systemd used by # e.g. RHEL7/CentOS 7. The below settings are automatically edited at package # build time to uncomment them if the target platform supports them. # Attempts to create memory mappings that are writable and executable at # the same time, or to change existing memory mappings to become executable # are prohibited. ##safer##MemoryDenyWriteExecute=true # Explicit module loading will be denied. This allows to turn off module # load and unload operations on modular kernels. It is recommended to turn # this on for most services that do not need special file systems or extra # kernel modules to work. ##safer##ProtectKernelModules=true # Kernel variables accessible through /proc/sys, /sys, /proc/sysrq-trigger, # /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq # will be made read-only to all processes of the unit. Usually, tunable # kernel variables should only be written at boot-time, with the sysctl.d(5) # mechanism. Almost no services need to write to these at runtime; it is hence # recommended to turn this on for most services. ##safer##ProtectKernelTunables=true # The Linux Control Groups (cgroups(7)) hierarchies accessible through # /sys/fs/cgroup will be made read-only to all processes of the unit. # Except for container managers no services should require write access # to the control groups hierarchies; it is hence recommended to turn this # on for most services ##safer##ProtectControlGroups=true # Any attempts to enable realtime scheduling in a process of the unit are # refused. ##safer##RestrictRealtime=true # Takes away the ability to create or manage any kind of namespace ##safer##RestrictNamespaces=true [Install] WantedBy=multi-user.target