Based on chungy's system service
Place minecraft@.service in /lib/systemd/system
, and run systemctl daemon-reload
. mc-< your server name > should go into /etc/conf.d
or an equivalent directory (change the path in the service too). /etc/conf.d/mc-<your server name>
should not have world permissions. chown root:root
and chmod 600
the file. Your server should be at /opt/minecraft/<your server name>
and your server executable should be called server.jar.
The user and group minecraft should exist. The minecraft user should only be a member of the minecraft group, for system security. The service is set up as such that security exploits of the Minecraft server and/or Java do not severely affect the rest of the system. /home is entirely inaccessible, /tmp and /var/tmp are sandboxed, no real device access is possible, and system directories like /etc cannot be written to. This takes hold even if there are otherwise file modes that would allow