Hi, I'm trying to write a service file for a daemon and having some problems. I believe the issue is with the ability to give the process write and read access to parts of the filesystem which appear to somehow be restricted. The daemon is the Avira virus scanner, which runs under amavisd-new. The daemon's home directory is /usr/local/savapi-sdk-linux_glibc24_x86_64, and it needs write access in the modules directory. The daemon can run as root or as the amavis user. It drops its privileges to the amavis user after starting anyway. Here is what I have so far: # cat /etc/systemd/system/savapi.service [Unit] Description=Avira Antivirus SDK Documentation=http://www.ijs.si/software/amavisd/#doc After=network.target Wants=clamd(a)amavisd.service Wants=postfix.service RequiresMountsFor="/usr/local/savapi-sdk-linux_glibc24_x86_64" [Service] Type=forking User=amavis Group=amavis PIDFile=/var/run/amavisd/savapi.pid ExecStart=/var/spool/amavisd/savapi.sh start ExecReload=/var/spool/amavisd/savapi.sh reload Restart=on-failure #PrivateTmp= PrivateDevices=false CapabilityBoundingSet= ProtectSystem=full ProtectHome=true [Install] WantedBy=multi-user.target I've specified "RequiresMountsFor", which I understood could be used to provide access to parts of the filesystem. I've also disabled PrivateTmp and PrivateDevices. The ExecStart script just spawns the savapi daemon: #!/bin/bash cd /usr/local/savapi-sdk-linux_glibc24_x86_64/bin ./savapi --config=savapi.conf & When I attempt to start the service, journalctl -xe shows me: Validation failed for option 'ModulesDir' with value '/usr/local/savapi-sdk-linux_glibc24_x86_64/modules'. Path cannot be accessed (no write permission). ModulesDir is /usr/local/savapi-sdk-linux_glibc24_x86_64/modules When I run the script manually as root or as the amavis user, it runs successfully. I think the problem is that I don't understand how systemd processes access the filesystem and the restrictions on permissions. Any ideas greatly appreciated. Thanks, Alex