bitcoind service (systemd) cannot run SOLVED

[sherlockphone]

I have a PC with opensuse leap 15.5 + KDE + bitcoin core 26.0 (/usr/local/bin/bitcoind -rwxr-xr-x 1 root root) the /home/bitcoin/.bitcoin (lrwxrwxrwx 1 bitcoin bitcoin) directory is a symlink to an external disk (/run/media/ibm/BB/BTCbc/ (drwxrwx--- 6 bitcoin bitcoin).

I login with the user ibm which is part of the bitcoin group and I run bitcoind and bitcoin-qt without problems.

I want to run the node as a service from the boot of the PC.

This is the unit/service file's (/etc/systemd/system/bitcoind.service -rwxr--r-- 1 root root) content:

[Unit]
Description=Bitcoin daemon
Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md

# https[Suspicious link removed]cStart=/usr/local/bin/bitcoind -daemon
                        -pid=/home/bitcoin/.bitcoin/bitcoind.pid \
                        -conf=/home/bitcoin/.bitcoin/bitcoin.conf \
                        -datadir=/home/bitcoin/.bitcoin \
                        -startupnotify='systemd-notify --ready' \
                        -shutdownnotify='systemd-notify --stopping'
ExecStop=/usr/local/bin/bitcoin-cli -datadir=/home/bitcoin/.bitcoin stop

# Make sure the config directory is readable by the service user
PermissionsStartOnly=true
ExecStartPre=/bin/chgrp bitcoin /home/bitcoin/.bitcoin

# Process management
####################

Type=notify
NotifyAccess=all
PIDFile=/home/bitcoin/.bitcoin/bitcoind.pid
#PIDFile=/run/bitcoind/bitcoind.pid

Restart=on-failure
TimeoutStartSec=infinity
TimeoutStopSec=600

# Directory creation and permissions
####################################

# Run as bitcoin:bitcoin
User=bitcoin
Group=bitcoin

# /run/bitcoind
RuntimeDirectory=bitcoind
RuntimeDirectoryMode=0710

# /etc/bitcoin
ConfigurationDirectory=bitcoin
ConfigurationDirectoryMode=0710

# /var/lib/bitcoind
StateDirectory=bitcoind
StateDirectoryMode=0710

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Deny access to /home, /root and /run/user
ProtectHome=true

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

# Restrict ABIs to help ensure MemoryDenyWriteExecute is enforced
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target

############################ END

the /home/bitcoin/.bitcoin/bitcoin.conf file use the default configuration, does not point to any datadir other than the default one.

so I try to run the bitcoind service with sudo systemctl start bitcoind.service to check if it runs well before enabling it I get the following error:

Job for bitcoind.service failed because the control process exited with error code.

2024-04-27T00:57:46.787821-04:00 localhost sudo:      ibm : TTY=pts/2 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/systemctl start bitcoind
2024-04-27T00:57:46.791118-04:00 localhost sudo: pam_unix(sudo:session): session opened for user root by ibm(uid=1000)
2024-04-27T00:57:46.806448-04:00 localhost systemd[1]: Starting Bitcoin daemon...
2024-04-27T00:57:47.018335-04:00 localhost bitcoind[7192]: Error: filesystem error: status: Permission denied [/home/bitcoin/.bitcoin]
2024-04-27T00:57:47.019455-04:00 localhost systemd[1]: bitcoind.service: Main process exited, code=exited, status=1/FAILURE
2024-04-27T00:57:47.019561-04:00 localhost systemd[1]: bitcoind.service: Failed with result 'exit-code'.
2024-04-27T00:57:47.020037-04:00 localhost systemd[1]: Failed to start Bitcoin daemon.
2024-04-27T00:57:47.023654-04:00 localhost sudo: pam_unix(sudo:session): session closed for user root

I don't understand this, since all permissions and ownership are granted, what is systemd denying access to /home/bitcoin/.bitcoin during the execution of bitcoind.service?  


SOLVED:

The problem was the following line ProtectHome=true in the Hardening measures section in the bitcoind.service file

I set it to false and now the node starts as a service

thanks to all, especially to BitMaxz who gave me the correct solution.

[1715335766]

1715335766

[1715335766]

1715335766

[1715335766]

1715335766

[1715335766]

1715335766

[LoyceV]

2024-04-27T00:57:47.018335-04:00 localhost bitcoind[7192]: Error: filesystem error: status: Permission denied [/home/bitcoin/.bitcoin]

Is the external disk mounted yet at this point?

[BitMaxz]

I found a similar issue on Google and it seems that you need to edit the bitcoind.service because it is configured as user: bitcoin and group: bitcoin by default you need to replace it with root if you were currently running it on root user.

And also I'm pointing out this setting below and you set it to true which is why the error denied access popup while currently running it on the root user change it to false and try to run it again.
"# Deny access to /home, /root and /run/user
ProtectHome=true"

Here's the source below that I found and hope you can get some idea how to set up bitcoind.service properly.

- https://bitcoin.stackexchange.com/questions/118725/bitcoind-service-cant-start-on-mounted-drive

[ABCbits]

I have a PC with opensuse leap 15.5 + KDE + bitcoin core 26.0 (/usr/local/bin/bitcoind -rwxr-xr-x 1 root root) the /home/bitcoin/.bitcoin (lrwxrwxrwx 1 bitcoin bitcoin) directory is a symlink to an external disk (/run/media/ibm/BB/BTCbc/ (drwxrwx--- 6 bitcoin bitcoin).

Have you checked whether your external disk always mounted on exactly same path? If that external disk always mounted when you turn on your PC, consider editing fstab file to make sure your external disk always mounted on same path.

[sherlockphone]

I found a similar issue on Google and it seems that you need to edit the bitcoind.service because it is configured as user: bitcoin and group: bitcoin by default you need to replace it with root if you were currently running it on root user.

And also I'm pointing out this setting below and you set it to true which is why the error denied access popup while currently running it on the root user change it to false and try to run it again.
"# Deny access to /home, /root and /run/user
ProtectHome=true"

Here's the source below that I found and hope you can get some idea how to set up bitcoind.service properly.

- https://bitcoin.stackexchange.com/questions/118725/bitcoind-service-cant-start-on-mounted-drive

Thank you BitMaxz, the problem was the line ProtectHome=true