From 824c4cdcc99c2fa621bc1897e809d572facbe3e7 Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Sat, 21 Apr 2018 16:43:59 +0200
Subject: [PATCH] Use PermissionStartOnly to be granted root permissions for
 prestart commands

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 advanced/pihole-FTL.systemd | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/advanced/pihole-FTL.systemd b/advanced/pihole-FTL.systemd
index 053bd83a..e7aaf52d 100644
--- a/advanced/pihole-FTL.systemd
+++ b/advanced/pihole-FTL.systemd
@@ -13,14 +13,16 @@ Before=nss-lookup.target
 
 [Service]
 Restart=on-abnormal
-User=root
-Group=root
+User=pihole
+Group=pihole
+PermissionsStartOnly=true
 
 Type=forking
 PIDFile=/run/pihole-FTL.pid
 
 ExecStartPre=/bin/bash /opt/pihole/pihole-FTL-prestart.sh
-ExecStart=/bin/su -s /bin/sh -c "/usr/bin/pihole-FTL" "pihole"
+;ExecStartPre=/sbin/setcap cap_net_bind_service,cap_net_raw,cap_net_admin+eip /usr/bin/pihole-FTL
+ExecStart=/usr/bin/pihole-FTL
 ExecReload=/bin/kill -HUP $MAINPID
 
 ; Use graceful shutdown with a reasonable timeout