[systemd-devel] Service should run with a certain User?
Hi all,

after doing the simple examples of .service scripts, I was able to run some of my home-brewed services with Fedora 15 beta. However, now I tried something advanced (?) and I have to admit defeat. I have simply no idea how to proceed.

I used to run with upstart a script with an ugly solution to do something like that

su cruisctl -c servicescript.sh

This was not pretty, however the script did run under the wanted user.

Now I tried the same thing with systemd. It worked if I tried the ugly solution. I found that systemd has the User= option, so I tried to avoid the su and start the script with systemd. But the service doesn't start when I set the User= option, it always returns a 203 error.

Can somebody tell me what I am doing wrong?

Here is my test setup

[Unit]
Description=Cruise Control
After=local-fs.target network.target

[Service]
Type=simple
EnvironmentFile=/etc/sysconfig/cruisctl
User=cruisctl
WorkingDirectory=/var/cruisecontrol
#ExecStart=/usr/bin/java $CRUISCTLOPTIONS
ExecStart=/root/test.sh $CRUISCTLOPTIONS

[Install]
WantedBy=multi-user.target

The test.sh looks like this

#!/bin/sh
echo Start /tmp/x
echo Directory: $(pwd) /tmp/x
echo Ant Home: $ANT_HOME /tmp/x
echo $1 $2 $3 $4 $5 $6 /tmp/x
sleep 60

Error is like that

cruisctl.service - Cruise Control
  Loaded: loaded (/lib/systemd/system/cruisctl.service)
  Active: failed
  Process: 4313 ExecStart=/root/test.sh $CRUISCTLOPTIONS (code=exited, status=203/EXEC)
  CGroup: name=systemd:/system/cruisctl.service

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Service should run with a certain User?
Hi,

I am embarrassed to answer myself after hitting the send button. Of course I should not have put test.sh in /root, because the user has no rights to access it...

It works now - but now stopping the service seems to be a problem. It always goes to failed because the java vm seems to provide a status=143

  Loaded: loaded (/lib/systemd/system/cruisctl.service)
  Active: failed
  Process: 4811 ExecStart=/usr/bin/java $CRUISCTLOPTIONS (code=exited, status=143)
  CGroup: name=systemd:/system/cruisctl.service

Regards (and hoping that the solution will also come to me when I hit the send button)

Here is the working script:

#
# Install
# in directory /lib/systemd/system
[Unit]
Description=Cruise Control
After=local-fs.target network.target

[Service]
Type=simple
EnvironmentFile=/etc/sysconfig/cruisctl
User=cruisctl
WorkingDirectory=/var/cruisecontrol
ExecStart=/usr/bin/java $CRUISCTLOPTIONS
#ExecStart=/tmp/test.sh $CRUISCTLOPTIONS

[Install]
WantedBy=multi-user.target

On 23.04.2011 10:03, Baldur wrote:
> Hi all,
>
> after doing the simple examples of .service scripts, I was able to run some of my home-brewed services with Fedora 15 beta. However, now I tried something advanced (?) and I have to admit defeat. I have simply no idea how to proceed.
>
> I used to run with upstart a script with an ugly solution to do something like that
>
> su cruisctl -c servicescript.sh
>
> This was not pretty, however the script did run under the wanted user.
>
> Now I tried the same thing with systemd. It worked if I tried the ugly solution. I found that systemd has the User= option, so I tried to avoid the su and start the script with systemd. But the service doesn't start when I set the User= option, it always returns a 203 error.
>
> Can somebody tell me what I am doing wrong?
>
> Here is my test setup
>
> [Unit]
> Description=Cruise Control
> After=local-fs.target network.target
>
> [Service]
> Type=simple
> EnvironmentFile=/etc/sysconfig/cruisctl
> User=cruisctl
> WorkingDirectory=/var/cruisecontrol
> #ExecStart=/usr/bin/java $CRUISCTLOPTIONS
> ExecStart=/root/test.sh $CRUISCTLOPTIONS
>
> [Install]
> WantedBy=multi-user.target
>
> The test.sh looks like this
>
> #!/bin/sh
> echo Start /tmp/x
> echo Directory: $(pwd) /tmp/x
> echo Ant Home: $ANT_HOME /tmp/x
> echo $1 $2 $3 $4 $5 $6 /tmp/x
> sleep 60
>
> Error is like that
>
> cruisctl.service - Cruise Control
>   Loaded: loaded (/lib/systemd/system/cruisctl.service)
>   Active: failed
>   Process: 4313 ExecStart=/root/test.sh $CRUISCTLOPTIONS (code=exited, status=203/EXEC)
>   CGroup: name=systemd:/system/cruisctl.service
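Added example, not part of the thread: status=203/EXEC means the exec of the ExecStart= binary itself failed, and with User= set that exec runs as the service account, so every directory on the way to the script must be searchable by that account. The sketch below walks a path and reports the first component that blocks a given uid; the function names and the file name exec_path_check.sh are hypothetical, and it assumes Linux with GNU or busybox stat.

```shell
#!/bin/sh
# Added example (not from the thread). Classic mode bits only: ACLs, SELinux,
# noexec mounts and uid 0's permission bypass are not modelled.
# Usage: sh exec_path_check.sh "$(id -u cruisctl)" "$(id -G cruisctl)" /root/test.sh

# class_bits MODE OWNER_UID OWNER_GID UID "GIDS"
# Prints the rwx digit (0-7) of the one permission class that applies to UID:
# owner if UID owns the file, else group if any GID matches, else other.
class_bits() {
    cb_mode=$((0$1))    # stat prints octal digits such as 755 or 1777
    if [ "$4" -eq "$2" ]; then
        echo $(( (cb_mode >> 6) & 7 ))
        return 0
    fi
    for cb_gid in $5; do
        if [ "$cb_gid" -eq "$3" ]; then
            echo $(( (cb_mode >> 3) & 7 ))
            return 0
        fi
    done
    echo $(( cb_mode & 7 ))
}

# first_blocker UID "GIDS" /absolute/path
# Prints the first component on which UID lacks the x bit (search for a
# directory, execute for the file) and returns 1; returns 0 when none blocks.
first_blocker() {
    fb_uid=$1
    fb_gids=$2
    fb_rest=${3#/}
    fb_cur=
    while [ -n "$fb_rest" ]; do
        fb_cur="$fb_cur/${fb_rest%%/*}"
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/} ;;
            *)   fb_rest= ;;
        esac
        fb_stat=$(stat -L -c '%a %u %g' "$fb_cur" 2>/dev/null) || { echo "$fb_cur"; return 1; }
        set -- $fb_stat
        fb_bits=$(class_bits "$1" "$2" "$3" "$fb_uid" "$fb_gids")
        if [ $(( fb_bits & 1 )) -eq 0 ]; then
            echo "$fb_cur"
            return 1
        fi
    done
    return 0
}

# Command-line use; skipped when run without the three arguments.
if [ "$#" -eq 3 ]; then first_blocker "$1" "$2" "$3"; fi
```

On a live host, `namei -l /root/test.sh` lists the same per-component owners and modes for a manual check.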
Re: [systemd-devel] Service should run with a certain User?
Hi

2011/4/23 Baldur bal...@email.de:
> Hi,
>
> I am embarrassed to answer myself after hitting the send button. Of course I should not have put test.sh in /root, because the user has no rights to access it...
>
> It works now - but now stopping the service seems to be a problem. It always goes to failed because the java vm seems to provide a status=143
>
>   Loaded: loaded (/lib/systemd/system/cruisctl.service)
>   Active: failed
>   Process: 4811 ExecStart=/usr/bin/java $CRUISCTLOPTIONS (code=exited, status=143)
>   CGroup: name=systemd:/system/cruisctl.service
>
> Regards (and hoping that the solution will also come to me when I hit the send button)

The cleanest solution would of course be to make the jvm exit with 0. But if that is not possible you can prefix the ExecStart path with a minus (ExecStart=-/usr/bin/java...). This way the exit status is ignored and the service should end up with status exited.

> Here is the working script:
>
> #
> # Install
> # in directory /lib/systemd/system
> [Unit]
> Description=Cruise Control
> After=local-fs.target network.target
>
> [Service]
> Type=simple

Note that you don't need this line as simple is the default type

> EnvironmentFile=/etc/sysconfig/cruisctl
> User=cruisctl
> WorkingDirectory=/var/cruisecontrol
> ExecStart=/usr/bin/java $CRUISCTLOPTIONS
> #ExecStart=/tmp/test.sh $CRUISCTLOPTIONS
>
> [Install]
> WantedBy=multi-user.target

Mirco
[systemd-devel] What makes systemd-nspawn not suitable for secure container setups?
The systemd-nspawn manpage lists the various mechanisms used to isolate the container, and then says:

    Note that even though these security precautions are taken systemd-nspawn is not suitable for secure container setups. Many of the security features may be circumvented and are hence primarily useful to avoid accidental changes to the host system from the container.

How can a process in a systemd-nspawn container circumvent the container setup? What additional steps would systemd-nspawn need to take to provide a secure container setup?

- Josh Triplett
Re: [systemd-devel] Service should run with a certain User (solved, new problem)?
Hi,

I am embarrassed to answer myself after hitting the send button. Of course I should not have put test.sh in /root, because the user has no rights to access it...

It works now - but now stopping the service seems to be a problem. It always goes to failed because the java vm seems to provide a status=143

  Loaded: loaded (/lib/systemd/system/cruisctl.service)
  Active: failed
  Process: 4811 ExecStart=/usr/bin/java $CRUISCTLOPTIONS (code=exited, status=143)
  CGroup: name=systemd:/system/cruisctl.service

Regards (and hoping that the solution will also come to me when I hit the send button)

Here is the working script:

#
# Install
# in directory /lib/systemd/system
[Unit]
Description=Cruise Control
After=local-fs.target network.target

[Service]
Type=simple
EnvironmentFile=/etc/sysconfig/cruisctl
User=cruisctl
WorkingDirectory=/var/cruisecontrol
ExecStart=/usr/bin/java $CRUISCTLOPTIONS
#ExecStart=/tmp/test.sh $CRUISCTLOPTIONS

[Install]
WantedBy=multi-user.target