Originally Posted by
LHammonds
Is it possible to utilize different credentials (User/Group) for ExecStartPre and ExecStart? ... LHammonds
I found this example for you...
Code:
[Unit]
Description=Startup Thing
[Service]
Type=oneshot
ExecStart=/usr/bin/python3 -u /opt/thing/doStartup
WorkingDirectory=/opt/thing
StandardOutput=journal
User=thingUser
# Make sure the /run/thing directory exists
PermissionsStartOnly=true
ExecStartPre=-/bin/mkdir -p /run/thing
ExecStartPre=-/bin/chown thingUser /run/thing
ExecStartPre=-/bin/chmod 700 /run/thing
[Install]
WantedBy=multi-user.target
Note: For reference on directive documentation, use man systemd.directives. ExecStartPre is documented in man systemd.service.
So in this example, the ExecStart is run by User "thingUser". The 4 ExecStartPre directives are run by root.
Note that in the example there is a "-" character. The ExecStartPre commands will commence serially, one after the other's end. If not prefixed by "-", then on failure, the unit will exit out with an error code, without any other processing. The "-" allows failure (such as the directory already being there). ExecStartPre is not meant for long-running processes, at least as it is documented. It says that all forked processes invoked via ExecStartPre will be killed by the time the next service process starts... but if you are not forking the processes, they run serially so...
ExecStartPost will run directives after ExecStart finishes, at service end. Good for "clean-up" operations.
In addition to that, there are two "OTHER" ways to do that...
The first is to use one of the prefixes listed in the Execution prefix table in man systemd.service. Also contained in that table are notes on User, Group, SupplementaryGroup, DynamicUser, and elevated privileges.
Second is to kick off the process via
Code:
ExecStartPre=/usr/bin/runuser -u username command_argument
Just a few ideas and options.
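The prefix approach mentioned in the reply above, written out as a unit file. This is an added example, not part of the original post; it reuses the thread's thingUser, /run/thing and /opt/thing names and assumes a systemd version that supports the "+" execution prefix described in man systemd.service.

```ini
[Unit]
Description=Startup Thing

[Service]
Type=oneshot
# Default identity for every command line in this unit
User=thingUser
WorkingDirectory=/opt/thing
StandardOutput=journal

# "+" prefix: only this command line runs with full privileges (root),
# ignoring User= above, so PermissionsStartOnly= is not needed.
ExecStartPre=+/bin/mkdir -p /run/thing
ExecStartPre=+/bin/chown thingUser /run/thing
ExecStartPre=+/bin/chmod 700 /run/thing
# No "-" prefix on the setup steps: if chown or chmod fails, the unit
# fails instead of starting the service on a directory with the wrong
# owner or mode. "mkdir -p" already succeeds when the directory exists.

# Unprefixed: runs as thingUser
ExecStart=/usr/bin/python3 -u /opt/thing/doStartup

[Install]
WantedBy=multi-user.target
```

Because the privilege is granted per command line, a step added later without the "+" runs as thingUser rather than inheriting root.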