
systemctl service systemd-notify not working with non-root user

I have a simple example of a service unit and bash script on Red Hat Enterprise Linux 7 using Type=notify that I am trying to get working.

When the service unit is configured to start the script as root, things work as expected. When adding User=testuser it fails. While the script initially starts (as seen on process list) the systemctl service never receives the notify message indicating ready so it hangs and eventually times out.

    [Unit]
    Description=My Test
    [Service]
    Type=notify
    User=testuser
    ExecStart=/home/iatf/test.sh
    [Install]
    WantedBy=multi-user.target

Test.sh (owned by testuser with execute permission):

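    #!/bin/bash

    # Report start-up progress, then signal readiness to systemd
    systemd-notify --status="Starting..."
    sleep 5
    systemd-notify --ready --status="Started"

    # Main loop: keep updating the status line shown by systemctl status
    while [ 1 ] ; do
      systemd-notify --status="Processing..."
      sleep 3
      systemd-notify --status="Waiting..."
      sleep 3
    done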

When run as root, systemctl status test displays the correct status and status messages as sent from my test.sh bash script. When User=testuser the service hangs and then times out and journalctl -xe reports:

    Jul 15 13:37:25 tstcs03.ingdev systemd[1]: Cannot find unit for notify message of PID 7193.
    Jul 15 13:37:28 tstcs03.ingdev systemd[1]: Cannot find unit for notify message of PID 7290.
    Jul 15 13:37:31 tstcs03.ingdev systemd[1]: Cannot find unit for notify message of PID 7388.
    Jul 15 13:37:34 tstcs03.ingdev systemd[1]: Cannot find unit for notify message of PID 7480.

I am not sure what those PIDs are as they do not appear on ps -ef list.

This appears to be a known limitation in the notify service type.

From a pull request to the systemd man pages:

    Due to current limitations of the Linux kernel and the systemd, this
    command requires CAP_SYS_ADMIN privileges to work
    reliably. I.e. it's useful only in shell scripts running as a root
    user.

I've attempted some hacky workarounds with sudo and friends but they won't work as systemd - generally failing with

    No status data could be sent: $NOTIFY_SOCKET was not set

This refers to the socket that systemd-notify is trying to send data to - it's defined in the service environment but I could not get it reliably exposed to a sudo environment.

You could also try using a Python workaround described here

    python -c "import systemd.daemon, time; systemd.daemon.notify('READY=1'); time.sleep(5)"

It's basically just a sleep which is not reliable and the whole point of using notify is reliable services.

In my case - I just refactored to use root as the user - with the actual service as a child under the main service with the desired user.
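
An added example, not part of the original posts: the notification protocol is a datagram written to the AF_UNIX socket named by $NOTIFY_SOCKET, so a long-running service can send READY=1 and STATUS= itself instead of spawning systemd-notify for each message. It assumes Python 3 with only the standard library and that ExecStart= runs this script directly; the function names notify_address and sd_notify are chosen here for illustration.

```python
import os
import socket
import time


def notify_address(env=os.environ):
    """Map $NOTIFY_SOCKET to an AF_UNIX address; None if systemd did not set it."""
    name = env.get("NOTIFY_SOCKET")
    if not name:
        return None
    if name[0] == "@":
        # '@' prefix means a Linux abstract-namespace socket (leading NUL byte).
        return b"\0" + name[1:].encode()
    if name[0] != "/":
        raise ValueError("unsupported NOTIFY_SOCKET value: %r" % name)
    return name


def sd_notify(state, env=os.environ):
    """Send one datagram such as 'READY=1' or 'STATUS=...'; False if no socket."""
    addr = notify_address(env)
    if addr is None:
        return False
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(state.encode("utf-8"), addr)
    return True


def main():
    # Same sequence as test.sh, but every message is sent by this process,
    # which is the unit's main PID when ExecStart= runs this script directly.
    sd_notify("STATUS=Starting...")
    time.sleep(5)  # stand-in for real initialisation
    sd_notify("READY=1\nSTATUS=Started")
    while True:
        sd_notify("STATUS=Processing...")
        time.sleep(3)
        sd_notify("STATUS=Waiting...")
        time.sleep(3)


if __name__ == "__main__":
    main()
```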

    sudo -u USERACCOUNT_LOGGED notify-send "Hello"
