[英]How can I start my prolog web service using a systemctl service on a linux server?
[英]linux systemctl can not start elasticsearch systemd service due to permission issue
我想將Elasticsearch作為systemd
VM中的systemd
服務運行。 如果我僅通過命令行shell運行它,它將在子shell中在后台運行,但是一旦連接終止, 進程將被終止。
因此,我創建了一個服務/etc/systemd/system/multi-user.target.wants/indexstorage.service
[Unit]
Description=indexing-store
[Service]
Type=forking
ExecStart=/usr/local/elasticsearch-5.2.2/bin/elasticsearch
TimeoutSec=infinity
Restart=always
[Install]
WantedBy=multi-user.target
並復制到/etc/systemd/system/indexstorage.service
。
然后像往常一樣,重新加載並啟用indexstorage.service
。
但是,當我啟動indexstorage.service
,它要求輸入虛擬機的root密碼,該虛擬機實際上是Amazon雲機。
ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Failed to start indexstorage.service: Access denied
See system logs and 'systemctl status indexstorage.service' for details.
我不知道密碼。 而且,如果以sudo
用戶身份運行它,它將永遠不會運行,因為出於安全原因, elasticsearch限制以sudo用戶身份運行。
ubuntu@ip-172-21-3-18:~$ sudo /bin/systemctl start indexstorage.service
Job for indexstorage.service failed because the control process exited with error code. See "systemctl status indexstorage.service" and "journalctl -xe" for details.
我當前的用戶/組是ubuntu:ubuntu
ubuntu@ip-172-21-3-18:~$ users
ubuntu
ubuntu@ip-172-21-3-18:~$ groups
ubuntu adm dialout cdrom floppy sudo audio dip video plugdev netdev lxd
我也嘗試過更改/etc/sudoers
以允許訪問ubuntu
組,但沒有效果,
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
%ubuntu ALL=NOPASSWD: /bin/systemctl daemon-reload
%ubuntu ALL=NOPASSWD: /bin/systemctl restart indexstorage.service
%ubuntu ALL=NOPASSWD: /bin/systemctl stop indexstorage.service
%ubuntu ALL=NOPASSWD: /bin/systemctl start indexstorage.service
要么,
%ubuntu ubuntu=NOPASSWD: /bin/systemctl daemon-reload
%ubuntu ubuntu=NOPASSWD: /bin/systemctl restart indexstorage.service
%ubuntu ubuntu=NOPASSWD: /bin/systemctl stop indexstorage.service
%ubuntu ubuntu=NOPASSWD: /bin/systemctl start indexstorage.service
當我開始服務時,
ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
我現在的臨時解決方案是將其作為noHUP進程運行,它將忽略hangup signals
nohup /usr/local/elasticsearch-5.2.2/bin/elasticsearch &
但是,關於此帖子的問題是如何以非sudo用戶身份運行systemctl命令?
要以ubuntu用戶身份運行SystemD服務,可以在服務文件中使用User=ubuntu
。 參見man systemd.exec
。
或者,您可以將服務安裝為每個用戶的服務。 在這種情況下,您可以使用systemctl --user start <service>
並且必須將單位文件放在每個用戶目錄中,通常是$HOME/.config/systemd/user
, $HOME/.local/share/systemd/user
。 參見man systemd.unit
。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.