Let systemd create directories

Manually creating directories conflicts with systemd service hardening
features. Particularly, `ProtectSystem=strict` mounts the filesystem as
read-only for the processes started by the unit which leads to `mkdir`
failing.

By setting `User=mosquitto` and adding `RuntimeDirectory` and
`LogsDirectory`, systemd creates `/run/mosquitto` and
`/var/log/mosquitto` with the right permissions even
`ProtectSystem=strict` is used.

Signed-off-by: Guillaume Champagne <champagne.guillaume.c@gmail.com>

service/systemd/mosquitto.service.notify

@@ -5,16 +5,15 @@ After=network.target
 Wants=network.target
 
 [Service]
+User=mosquitto
 Type=notify
 WatchdogSec=3min
 NotifyAccess=main
 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
-ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto
-ExecStartPre=/bin/chown mosquitto:mosquitto /var/log/mosquitto
-ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto
-ExecStartPre=/bin/chown mosquitto:mosquitto /run/mosquitto
+RuntimeDirectory=mosquitto
+LogsDirectory=mosquitto
 
 [Install]
 WantedBy=multi-user.target

service/systemd/mosquitto.service.simple

@@ -5,13 +5,12 @@ After=network.target
 Wants=network.target
 
 [Service]
+User=mosquitto
 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
-ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto
-ExecStartPre=/bin/chown mosquitto:mosquitto /var/log/mosquitto
-ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto
-ExecStartPre=/bin/chown mosquitto:mosquitto /run/mosquitto
+RuntimeDirectory=mosquitto
+LogsDirectory=mosquitto
 
 [Install]
 WantedBy=multi-user.target