Originally when I started writing units I read that the units should be made executable. As scripts need to be executable that made perfect sense to me. However, after more research I found that is not required for systemd units, and it is erroneous to set them as executable.
This basic stuff that I have gathered so far:
Recommended Permissions For Systemd Unit Files
System-wide service units should be located in:
Systemd unit files (and any associated scripts) should have permissions set to 0644 (rw- r-- r–).
Recommended Directories For Systemd Unit Files
Directory For Systemd Unit Files Executed At The System Level.
The recommended location to put “system-wide” unit files is:
This is the preferred location for the system administrator to add new system-wide services. Unit files found in this directory location take precedence over any of the other locations on the file system. If you need to modify the system’s copy of a unit file, putting a replacement in this directory is the safest and most flexible way to do this.
Directory For Systemd Unit Files Executed At The User Level:
The preferred location to put “USER” unit files is:
You should also enable lingering for any user services that need to be available at startup.
loginctl enable-linger $USER
Recommended Directories For Systemd Executed External Scripts
Recommended Directory For External Scripts Executed At The System-Wide Level:
Scripts located in this directory can only be run by root as it is the system binary directory.
Recommended directories for external scripts executed at a user level by systemd units
One location that can be used for scripts to be run by all “users” is:
The preferred location to store scripts that are run as a standard user by systemd is: