stackoom
  简体   繁体   中英

systemctl service systemd-notify not working with non-root user

 原文  2019-07-16 14:55:17       bash/ systemd/ rhel7/ systemctl

Question

I have a simple example of a service unit and bash script on Red Hat Enterprise Linux 7 using Type=notify that I am trying to get working.

When the service unit is configured to start the script as root, things work as expected. When adding User=testuser it fails. While the script initially starts (as seen on process list) the systemctl service never receives the notify message indicating ready so it hangs and eventually times out.

[Unit]
Description=My Test
[Service]
Type=notify
User=testuser
ExecStart=/home/iatf/test.sh
[Install]
WantedBy=multi-user.target

Test.sh (owned by testuser with execute permission) 

#!/bin/bash

systemd-notify --status="Starting..."
sleep 5
systemd-notify --ready --status="Started"

while [ 1 ] ; do
  systemd-notify --status="Processing..."
  sleep 3
  systemd-notify --status="Waiting..."
  sleep 3
done

When run as root systemctl status test displays the correct status and status messages as sent from my test.sh bash script. When User=testuser the service hangs and then timesout and journalctl -xe reports:

Jul 15 13:37:25 tstcs03.ingdev systemd[1]: Cannot find unit for notify message of PID 7193.
Jul 15 13:37:28 tstcs03.ingdev systemd[1]: Cannot find unit for notify message of PID 7290.
Jul 15 13:37:31 tstcs03.ingdev systemd[1]: Cannot find unit for notify message of PID 7388.
Jul 15 13:37:34 tstcs03.ingdev systemd[1]: Cannot find unit for notify message of PID 7480.

I am not sure what those PIDs are as they do not appear on ps -ef list

2 answers

solution1
 2  2019-11-27 00:34:22

This appears to be known limitation in the notify service type

From a pull request to the systemd man pages

    Due to current limitations of the Linux kernel and the systemd, this
    command requires CAP_SYS_ADMIN privileges to work
    reliably. I.e. it's useful only in shell scripts running as a root
    user.

I've attempted some hacky workarounds with sudo and friends but they won't work as systemd - generally failing with

No status data could be sent: $NOTIFY_SOCKET was not set

This refers to the socket that systemd-notify is trying to send data to - its defined in the service environment but I could not get it reliably exposed to a sudo environment

You could also try using a Python workaround described here

python -c "import systemd.daemon, time; systemd.daemon.notify('READY=1'); time.sleep(5)"

Its basically just a sleep which is not reliable and the whole point of using notify is reliable services.

In my case - I just refactored to use root as the user - with the actual service as a child under the main service with the desired user

solution2
 0  2021-01-11 08:17:11

sudo -u USERACCOUNT_LOGGED 通知发送“你好”

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Running root service in Dockerfile with non-root user bash script systemctl enable service as non root user on CentOS7 Error accessing mercurial with non-root user Ubuntu run script as non-root user How to set cronjob with non-root user? Executing root-required script from non-root user Switching users inside Docker image to a non-root user nmap to scan MAC address for remote machine by non-ROOT user Preventing a non-root user from running a shell script Monit running script as non-root user getting "permission denied"
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM