Hi Vilius,

Never mind my previous comment about artemis-service; I was talking about
the `artemis-service.exe` Windows executable, I was not talking about the
script you are using.

Looking at your previous log, the cause is not clear to me; you could
try to get more details using sealert[1].

[1] https://access.redhat.com/articles/2191331

Regards,
Domenico

On Thu, 30 Dec 2021 at 17:33, Vilius Šumskas
<v.sums...@advantes.tech.invalid> wrote:

> Hi,
>
> not sure why you say artemis-service is for Windows. For me it looks like
> every normal init.d script written in bash. I would gladly run it via
> system, like I did it with ActiveMQ classic.
>
> Looking at the SELinux log I think the problem could be twofold. a)
> script execution from /var/lib folder which is recommended by artemis is
> denied under standard SELinux policy rules. b) Artemis doesn't like the
> fact that system tries to unset UID from root (?)
>
> type=AVC msg=audit(1640879754.996:1247): avc:  denied  { execute } for
> pid=28545 comm="(-service)" name="artemis-service" dev="sda2" ino=34915803
> scontext=system_u:system_r:init_t:s0
> tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
> type=SYSCALL msg=audit(1640879754.996:1247): arch=c000003e syscall=59
> success=no exit=-13 a0=563766c77280 a1=563766d81a30 a2=563766b071a0 a3=0
> items=0 ppid=1 pid=28545 auid=4294967295 uid=1001 gid=1001 euid=1001
> suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none)
> ses=4294967295 comm="(-service)" exe="/usr/lib/systemd/systemd"
> subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve
> AUID="unset" UID="activemq" GID="activemq" EUID="activemq" SUID="activemq"
> FSUID="activemq" EGID="activemq" SGID="activemq" FSGID="activemq"
> type=PROCTITLE msg=audit(1640879754.996:1247): proctitle="(-service)"
> type=SERVICE_START msg=audit(1640879754.999:1248): pid=1 uid=0
> auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
> msg='unit=activemq comm="systemd" exe="/usr/lib/systemd/systemd" hostname=?
> addr=? terminal=? res=failed'UID="root" AUID="unset"
>
> --
>     Vilius
>
> -----Original Message-----
> From: Domenico Francesco Bruscino <bruscin...@gmail.com>
> Sent: Thursday, December 30, 2021 5:07 PM
> To: users@activemq.apache.org
> Subject: Re: running Artemis under non-root user
>
> Hi Vilius,
>
> the artemis-service executable is for Windows while the best option to run
> ActiveMQ Artemis as a service on Linux is using systemd. Your example LGTM;
> indeed your service configuration includes the `User` and `Group` settings.
> Can you share the SELinux denial message?
>
> Basic SELinux Troubleshooting in CLI
> https://access.redhat.com/articles/2191331
>
> Regards,
> Domenico
>
> On Mon, 27 Dec 2021 at 20:24, Vilius Šumskas
> <v.sums...@advantes.tech.invalid> wrote:
>
> > I'm trying to run "/var/lib/artemis/bin/artemis-service start" script.
> >
> > --
> >     Vilius
> >
> > -----Original Message-----
> > From: Justin Bertram <jbert...@apache.org>
> > Sent: Monday, December 27, 2021 8:22 PM
> > To: users@activemq.apache.org
> > Subject: Re: running Artemis under non-root user
> >
> > Can you clarify how you're trying to run Artemis? I assume you're not
> > just running the `artemis` command from the bin directory.
> >
> >
> > Justin
> >
> >
> > On Mon, Dec 27, 2021 at 6:34 AM Vilius Šumskas
> > <v.sums...@advantes.tech.invalid> wrote:
> >
> > > Hello,
> > >
> > > I'm trying to configure Artemis 2.20.0 to run under non-root user.
> > > So far searching on Google produced zero results 😐
> > >
> > > There is a mention of ARTEMIS_USER env variable in broker startup
> > > script, so I've tried to set ARTEMIS_USER='myuser' in artemis.profile.
> > > It still runs under root for some reason.
> > >
> > > I have also tried to use systemd configuration file from here
> > > https://medium.com/@hasnat.saeed/setup-activemq-artemis-on-ubuntu-18-04-76bb4975308b
> > > but still no go. As soon as systemd detects that
> > > the process runs under root instead of specified user SELinux blocks
> > > the execution (as expected).
> > >
> > > Is there a way to run Artemis under non-root user, and if yes, how?
> > >
> > > --
> > >    Best Regards,
> > >
> > >     Vilius Šumskas
> > >     Advantes technologies
> > >     IT manager
> > >
> >
>
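
An added example (not part of the thread and not ActiveMQ project code): a small Python parser that correlates the AVC and SYSCALL records quoted above by event serial and reports which source type was denied which permission on which target type. The input is the thread's log re-joined onto single lines, with the SYSCALL record trimmed; the function names are hypothetical.

```python
import errno
import re

# Constructed input: AVC/SYSCALL records from the thread, re-joined; SYSCALL trimmed.
SAMPLE = [
    'type=AVC msg=audit(1640879754.996:1247): avc:  denied  { execute } for '
    'pid=28545 comm="(-service)" name="artemis-service" dev="sda2" '
    'ino=34915803 scontext=system_u:system_r:init_t:s0 '
    'tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0',
    'type=SYSCALL msg=audit(1640879754.996:1247): arch=c000003e syscall=59 '
    'success=no exit=-13 uid=1001 exe="/usr/lib/systemd/systemd"',
]
HEADER = re.compile(r'type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):')
AVC = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Return (record type, event serial, fields) or None if not an audit line."""
    m = HEADER.match(line)
    if not m:
        return None
    rest, fields = line[m.end():], {}
    avc = AVC.search(rest)
    if avc:  # AVC records carry the verdict and permission set before key=value
        fields['result'], fields['perms'] = avc.group(1), avc.group(2).split()
        rest = avc.group(3)
    fields.update((k, v.strip('"')) for k, v in KV.findall(rest))
    return m.group(1), int(m.group(2)), fields

def summarize(lines):
    """Correlate records by event serial and describe each AVC denial."""
    events = {}
    for rec in filter(None, map(parse_record, lines)):
        events.setdefault(rec[1], {})[rec[0]] = rec[2]
    out = []
    for serial, recs in sorted(events.items()):
        avc, sc = recs.get('AVC'), recs.get('SYSCALL', {})
        if not avc or avc['result'] != 'denied':
            continue
        code = -int(sc['exit']) if sc.get('success') == 'no' else 0
        out.append({
            'event': serial, 'perms': avc['perms'], 'tclass': avc['tclass'],
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2],
            'name': avc.get('name'), 'enforced': avc.get('permissive') == '0',
            'exe': sc.get('exe'), 'errno': errno.errorcode.get(code),
        })
    return out

if __name__ == '__main__':
    print(*summarize(SAMPLE), sep='\n')
```

For the records in this thread it reports that `init_t` was denied `execute` on a file labelled `var_lib_t` (`artemis-service`) in enforcing mode, with the call from `/usr/lib/systemd/systemd` failing with `EACCES`.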
