This unit is provided by:
Options
- 
    [Service]- 
        CapabilityBoundingSet=CAP_DAC_READ_SEARCH
- 
        ExecStart=/bin/sh -c '/usr/bin/pwck -r || r=1; /usr/bin/grpck -r && exit $r'
- 
        ExecStart=/usr/sbin/pwck -r /usr/sbin/grpck -r
- 
        IOSchedulingClass=best-effort
- 
        IOSchedulingPriority=7
- 
        IPAddressDeny=any
- 
        LockPersonality=yes (introduced in systemd 235)
- 
        MemoryDenyWriteExecute=yes (introduced in systemd 231)
- 
        Nice=19
- 
        NoNewPrivileges=yes (introduced in systemd 239)
- 
        PrivateDevices=yes (introduced in systemd 209)
- 
        PrivateNetwork=yes
- 
        PrivateTmp=yes
- 
        ProcSubset=pid (introduced in systemd 247)
- 
        ProtectClock=yes (introduced in systemd 245)
- 
        ProtectControlGroups=yes (introduced in systemd 232)
- 
        ProtectHome=read-only (introduced in systemd 214)
- 
        ProtectHostname=yes (introduced in systemd 242)
- 
        ProtectKernelLogs=yes (introduced in systemd 244)
- 
        ProtectKernelModules=yes (introduced in systemd 232)
- 
        ProtectKernelTunables=yes (introduced in systemd 232)
- 
        ProtectProc=invisible (introduced in systemd 247)
- 
        ProtectSystem=full (introduced in systemd 214)
- 
        ProtectSystem=strict (introduced in systemd 214)
- 
        RestrictAddressFamilies=none
- 
        RestrictNamespaces=yes (introduced in systemd 233)
- 
        RestrictRealtime=yes (introduced in systemd 231)
- 
        RestrictSUIDSGID=yes (introduced in systemd 242)
- 
        SystemCallArchitectures=native
- 
        SystemCallFilter=@system-service ~@resources ~@privileged
- 
        Type=oneshot
- 
        UMask=0077
 
- 
        
- 
    [Unit]- 
        After=systemd-sysusers.service
- 
        Description=Verify integrity of password and group files
 
- 
        
Additional notes
Nothing here.