
linux systemctl can not start elasticsearch systemd service due to permission issue

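I want to run Elasticsearch as a systemd service in a systemd VM. If I just run it from the command-line shell, it runs in the background in a subshell, but as soon as the connection is terminated, the process is killed.

So I created a service /etc/systemd/system/multi-user.target.wants/indexstorage.service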

[Unit]
Description=indexing-store

[Service]
Type=forking
ExecStart=/usr/local/elasticsearch-5.2.2/bin/elasticsearch
TimeoutSec=infinity
Restart=always

[Install]
WantedBy=multi-user.target

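and copied it to /etc/systemd/system/indexstorage.service

Then, as usual, I reloaded and enabled indexstorage.service

However, when I start indexstorage.service, it asks for the root password of the VM, which is actually an Amazon cloud machine.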

ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service 
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password: 
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Failed to start indexstorage.service: Access denied
See system logs and 'systemctl status indexstorage.service' for details.

I don't know the password. And if I run it as the sudo user, it will never run, because for security reasons elasticsearch restricts running as the sudo user.

ubuntu@ip-172-21-3-18:~$ sudo /bin/systemctl start indexstorage.service 
Job for indexstorage.service failed because the control process exited with error code. See "systemctl status indexstorage.service" and "journalctl -xe" for details.

My current user/group is ubuntu:ubuntu

ubuntu@ip-172-21-3-18:~$ users 
ubuntu

ubuntu@ip-172-21-3-18:~$ groups
ubuntu adm dialout cdrom floppy sudo audio dip video plugdev netdev lxd

I also tried changing /etc/sudoers to allow access for the ubuntu group, but it had no effect,

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

%ubuntu ALL=NOPASSWD: /bin/systemctl daemon-reload
%ubuntu ALL=NOPASSWD: /bin/systemctl restart indexstorage.service
%ubuntu ALL=NOPASSWD: /bin/systemctl stop indexstorage.service
%ubuntu ALL=NOPASSWD: /bin/systemctl start indexstorage.service

or,

%ubuntu ubuntu=NOPASSWD: /bin/systemctl daemon-reload
%ubuntu ubuntu=NOPASSWD: /bin/systemctl restart indexstorage.service
%ubuntu ubuntu=NOPASSWD: /bin/systemctl stop indexstorage.service
%ubuntu ubuntu=NOPASSWD: /bin/systemctl start indexstorage.service

When I start the service,

ubuntu@ip-172-21-3-18:~$ /bin/systemctl start indexstorage.service 
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'indexstorage.service'.
Authenticating as: Ubuntu (ubuntu)
Password: 

My temporary solution for now is to run it as a nohup process, which ignores hangup signals

nohup /usr/local/elasticsearch-5.2.2/bin/elasticsearch &

However, the question in this post is: how do I run systemctl commands as a non-sudo user?

References

How can we allow a non-root user to control a system.d service?

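To run a SystemD service as the ubuntu user, you can use User=ubuntu in the service file. See man systemd.exec

Alternatively, you can install the service as a per-user service. In that case, you can use systemctl --user start <service> and must place the unit file in a per-user directory, usually $HOME/.config/systemd/user or $HOME/.local/share/systemd/user. See man systemd.unit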
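
The User= approach from the answer, applied to the unit in the question, as an added example that is not part of the original post. The switch to Type=simple, the file-descriptor limit, the exit-status setting and the two hardening options are assumptions about this install, not something the answer states.

```ini
# /etc/systemd/system/indexstorage.service
# Added example: the question's unit, adjusted so the JVM runs unprivileged.
[Unit]
Description=indexing-store
After=network.target

[Service]
# bin/elasticsearch stays in the foreground unless started with -d,
# so Type=simple fits it; Type=forking waits for a parent exit that never comes.
Type=simple
# systemd (root) launches the unit, but the process itself runs as ubuntu.
# Assumption: ubuntu can read the install tree and write its data/ and logs/.
User=ubuntu
Group=ubuntu
ExecStart=/usr/local/elasticsearch-5.2.2/bin/elasticsearch
Restart=always
# Elasticsearch's bootstrap checks expect a high open-file limit.
LimitNOFILE=65536
# The JVM exits with 143 when stopped by SIGTERM; count that as a clean stop.
SuccessExitStatus=143
# Optional hardening (assumed compatible here; remove if startup fails).
NoNewPrivileges=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```

Managing a system unit still requires root or a polkit grant, so it is loaded with `sudo systemctl daemon-reload` and started with `sudo systemctl start indexstorage.service`; only the Elasticsearch process runs as ubuntu.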
