systemd: How to start as different user?

06-19-2011, 10:48 PM

how to start a program as service with a defined user?
one example below and there are many progams which can
run headless with a restricted user - if find no option
to do this in systemd

BTW:
the name "sytemd" makes your life hard googling for informations
since google seems to think the "d" is a typo

#!/bin/bash
### BEGIN INIT INFO
# Provides: ffserver
# Default-Start:
# Default-Stop: 0 1 2 3 4 6
# Short-Description: streaming server
# Description: streaming server
### END INIT INFO
# chkconfig: 345 84 84

# Service-Name
SERVICE="ffserver"
USER_ACCOUNT="ffserver"

# Source function library.
. /etc/init.d/functions

[ -f /usr/bin/$SERVICE ] || exit 0

# Source config
if [ -f /etc/sysconfig/$SERVICE ] ; then
. /etc/sysconfig/$SERVICE
else
OPTIONS=""
fi

RETVAL=0

start() {
if [ -n "`/sbin/pidof $SERVICE`" ]; then
RETVAL=0
action $"Starte $SERVICE" /bin/false
return $RETVAL
fi
daemon --user $USER_ACCOUNT $SERVICE $OPTIONS > /dev/null 2> /dev/null
RETVAL=$?
PROCESS_ID=`/sbin/pidof $SERVICE`
if [ "$PROCESS_ID" != "" ]; then
PROCESS_ID="(PID: $PROCESS_ID)"
fi
action $"Starte $SERVICE $PROCESS_ID" /bin/true
if [ -n "`/sbin/pidof $SERVICE`" ]; then
touch /var/lock/subsys/$SERVICE
return $RETVAL
else
RETVAL=127
return $RETVAL
fi
}

stop() {
if [ -z "`/sbin/pidof $SERVICE`" ]; then
RETVAL=0
action $"Beende $SERVICE" /bin/false
return $RETVAL
fi
PROCESS_ID=`/sbin/pidof $SERVICE`
if [ "$PROCESS_ID" != "" ]; then
PROCESS_ID="(PID: $PROCESS_ID)"
fi
killproc $SERVICE
RETVAL=$?
echo "Beende $SERVICE $PROCESS_ID"
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$SERVICE
return $RETVAL
}

rhstatus() {
status $SERVICE
}

restart() {
stop
start
}

case "$1" in
start)
start
;;
stop)
stop
;;
status)
rhstatus
;;
restart|reload)
restart
;;
condrestart)
[ -f /var/lock/subsys/$SERVICE ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart}"
exit 1
esac

exit $?

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

06-19-2011, 11:29 PM

2011/6/20 Reindl Harald <h.reindl@thelounge.net>:
> how to start a program as service with a defined user?
> one example below and there are many progams which can
> run headless with a restricted user - if find no option
> to do this in systemd

You should read docs

User=, Group=

Sets the Unix user resp. group the processes are executed as.
Takes a single user resp. group name or ID as argument. If no group is
set the default group of the user is chosen.

http://0pointer.de/public/systemd-man/systemd.exec.html

>
> BTW:
> the name "sytemd" makes your life hard googling for informations
> since google seems to think the "d" is a typo
>
> #!/bin/bash
> ### BEGIN INIT INFO
> # Provides: ffserver
> # Default-Start:
> # Default-Stop: 0 1 2 3 4 6
> # Short-Description: streaming server
> # Description: streaming server
> ### END INIT INFO
> # chkconfig: 345 84 84
>
> # Service-Name
> SERVICE="ffserver"
> USER_ACCOUNT="ffserver"
>
> # Source function library.
> . /etc/init.d/functions
>
>
> [ -f /usr/bin/$SERVICE ] || exit 0
>
> # Source config
> if [ -f /etc/sysconfig/$SERVICE ] ; then
> Â*. /etc/sysconfig/$SERVICE
> else
> Â*OPTIONS=""
> fi
>
> RETVAL=0
>
> start() {
> Â*if [ -n "`/sbin/pidof $SERVICE`" ]; then
> Â*RETVAL=0
> Â*action $"Starte $SERVICE" /bin/false
> Â*return $RETVAL
> Â*fi
> Â*daemon --user $USER_ACCOUNT $SERVICE $OPTIONS > /dev/null 2> /dev/null
> Â*RETVAL=$?
> Â*PROCESS_ID=`/sbin/pidof $SERVICE`
> Â*if [ "$PROCESS_ID" != "" ]; then
> Â*PROCESS_ID="(PID: $PROCESS_ID)"
> Â*fi
> Â*action $"Starte $SERVICE $PROCESS_ID" /bin/true
> Â*if [ -n "`/sbin/pidof $SERVICE`" ]; then
> Â*touch /var/lock/subsys/$SERVICE
> Â*return $RETVAL
> Â*else
> Â*RETVAL=127
> Â*return $RETVAL
> Â*fi
> }
>
> stop() {
> Â*if [ -z "`/sbin/pidof $SERVICE`" ]; then
> Â*RETVAL=0
> Â*action $"Beende $SERVICE" /bin/false
> Â*return $RETVAL
> Â*fi
> Â*PROCESS_ID=`/sbin/pidof $SERVICE`
> Â*if [ "$PROCESS_ID" != "" ]; then
> Â*PROCESS_ID="(PID: $PROCESS_ID)"
> Â*fi
> Â*killproc $SERVICE
> Â*RETVAL=$?
> Â*echo "Beende $SERVICE $PROCESS_ID"
> Â*[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$SERVICE
> Â*return $RETVAL
> }
>
> rhstatus() {
> Â*status $SERVICE
> }
>
> restart() {
> Â*stop
> Â*start
> }
>
> case "$1" in
> Â*start)
> Â* start
> Â*;;
> Â*stop)
> Â* stop
> Â*;;
> Â*status)
> Â* rhstatus
> Â*;;
> Â*restart|reload)
> Â* restart
> Â*;;
> Â*condrestart)
> Â* [ -f /var/lock/subsys/$SERVICE ] && restart || :
> Â*;;
> Â**)
> Â*echo $"Usage: $0 {start|stop|status|restart|condrestart}"
> Â*exit 1
> esac
>
> exit $?
>
>
>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>

--
Best regards,
Michal

http://eventhorizon.pl/
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

06-19-2011, 11:32 PM

Am 20.06.2011 01:29, schrieb MichaÅ‚ Piotrowski:
> 2011/6/20 Reindl Harald <h.reindl@thelounge.net>:
>> how to start a program as service with a defined user?
>> one example below and there are many progams which can
>> run headless with a restricted user - if find no option
>> to do this in systemd
>
> You should read docs
>
> User=, Group=
>
> Sets the Unix user resp. group the processes are executed as.
> Takes a single user resp. group name or ID as argument. If no group is
> set the default group of the user is chosen.
>
> http://0pointer.de/public/systemd-man/systemd.exec.html

sorry

i had only open this one
http://0pointer.de/public/systemd-man/systemd.service.html

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

06-19-2011, 11:38 PM

On 20/06/11 08:48, Reindl Harald wrote:
> BTW:
> the name "sytemd" makes your life hard googling for informations
> since google seems to think the "d" is a typo

Use: +"systemd" when searching and you will better results
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel