Why can't apache access files in /tmp?

classic Classic list List threaded Threaded
19 messages Options
Reply | Threaded
Open this post in threaded view
|

Why can't apache access files in /tmp?

Chris Green
I want to put some temporary html files in /tmp (well, a sub-directory
of /tmp) and view them using apache2.  I always get permission denied
and it seems as if apache2 refuses to access any files in /tmp.

I have a very simple apache2 set up with the root set to /srv with an
entry as follows:-

    <Directory /srv/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
    </Directory>

I add symlinks to /srv to get access to files around the system, it
works for every directory I've tried (even including such places as
/etc) but *not* for /tmp.  (I've removed all the odd symlinks again of
course!)

What's so special about /tmp?  I've searched for references to tmp in
the apache configuration but there's nothing there.

Can anyone suggest what the issue is?

Alternatively where can I put files that will get cleaned out
periodically (like files in /tmp at reboot)?

--
Chris Green

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Colin Law
On Tue, 30 Oct 2018 at 13:33, Chris Green <[hidden email]> wrote:
I want to put some temporary html files in /tmp (well, a sub-directory
of /tmp) and view them using apache2.  I always get permission denied
and it seems as if apache2 refuses to access any files in /tmp.

Could possibly be that the apache systemd script specifies privateTmp

Colin
 

I have a very simple apache2 set up with the root set to /srv with an
entry as follows:-

    <Directory /srv/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
    </Directory>

I add symlinks to /srv to get access to files around the system, it
works for every directory I've tried (even including such places as
/etc) but *not* for /tmp.  (I've removed all the odd symlinks again of
course!)

What's so special about /tmp?  I've searched for references to tmp in
the apache configuration but there's nothing there.

Can anyone suggest what the issue is?

Alternatively where can I put files that will get cleaned out
periodically (like files in /tmp at reboot)?

--
Chris Green

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Chris Green
On Tue, Oct 30, 2018 at 01:39:13PM +0000, Colin Law wrote:
>    On Tue, 30 Oct 2018 at 13:33, Chris Green <[1][hidden email]> wrote:
>
>      I want to put some temporary html files in /tmp (well, a
>      sub-directory
>      of /tmp) and view them using apache2.  I always get permission
>      denied
>      and it seems as if apache2 refuses to access any files in /tmp.
>
>    Could possibly be that the apache systemd script specifies privateTmp

Yes, I think that's it (or at least it's something to do with
systemd).  Whatever, it's a real nuisance.

Where can I put files that apache can 'see' and which will get cleared
out at intervals?

--
Chris Green

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Colin Law
On Tue, 30 Oct 2018 at 14:51, Chris Green <[hidden email]> wrote:
On Tue, Oct 30, 2018 at 01:39:13PM +0000, Colin Law wrote:
>    On Tue, 30 Oct 2018 at 13:33, Chris Green <[1][hidden email]> wrote:
>
>      I want to put some temporary html files in /tmp (well, a
>      sub-directory
>      of /tmp) and view them using apache2.  I always get permission
>      denied
>      and it seems as if apache2 refuses to access any files in /tmp.
>
>    Could possibly be that the apache systemd script specifies privateTmp

Yes, I think that's it (or at least it's something to do with
systemd).  Whatever, it's a real nuisance. 

Where can I put files that apache can 'see' and which will get cleared
out at intervals?

It should be easy enough to change the systemd startup script, it will likely be in /etc/systemd/system.  Make a copy of it with a different name and edit that, then disable the usual one and enable yours.  If you don't make a copy then it will get overwritten when you update.
I did see mention that there could be security risks with that though, so you might like to check on that.

Otherwise put the files somewhere else and have a cron script that cleans it occasionally.

Colin

--
Chris Green

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Chris Green
On Tue, Oct 30, 2018 at 03:00:25PM +0000, Colin Law wrote:

>    On Tue, 30 Oct 2018 at 14:51, Chris Green <[1][hidden email]> wrote:
>
>      On Tue, Oct 30, 2018 at 01:39:13PM +0000, Colin Law wrote:
>      >    On Tue, 30 Oct 2018 at 13:33, Chris Green <[1][2][hidden email]>
>      wrote:
>      >
>      >      I want to put some temporary html files in /tmp (well, a
>      >      sub-directory
>      >      of /tmp) and view them using apache2.  I always get
>      permission
>      >      denied
>      >      and it seems as if apache2 refuses to access any files in
>      /tmp.
>      >
>      >    Could possibly be that the apache systemd script specifies
>      privateTmp
>      Yes, I think that's it (or at least it's something to do with
>      systemd).  Whatever, it's a real nuisance.
>
>      Where can I put files that apache can 'see' and which will get
>      cleared
>      out at intervals?
>
>    It should be easy enough to change the systemd startup script, it will
>    likely be in /etc/systemd/system.  Make a copy of it with a different
>    name and edit that, then disable the usual one and enable yours.  If
>    you don't make a copy then it will get overwritten when you update.
>    I did see mention that there could be security risks with that though,
>    so you might like to check on that.

Yes, I read this elsewhere but there doesn't seem be have any reference
to apache or tmp in any of the files in /etc/systemd.  There is a
directory systemd-private-e0d672d5d6814aed8f48c266641180ea-apache2.service-BDQ84c
in /tmp though.


>    Otherwise put the files somewhere else and have a cron script that
>    cleans it occasionally.

I think this may be the best way.

--
Chris Green

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Colin Watson
In reply to this post by Colin Law
On Tue, Oct 30, 2018 at 03:00:25PM +0000, Colin Law wrote:
> It should be easy enough to change the systemd startup script, it will
> likely be in /etc/systemd/system.  Make a copy of it with a different name
> and edit that, then disable the usual one and enable yours.

Don't do that; it makes it hard to stay in sync with other changes to
the packaged service file.  Instead, if you're going to take this
approach, make a directory called /etc/systemd/system/apache.service.d,
and create a file in that directory ending in ".conf" (e.g.
no-private-tmp.conf), with contents:

  [Service]
  PrivateTmp=false

(Search for "drop-in" in systemd.unit(5) for an explanation of this
approach.)

However:

> Otherwise put the files somewhere else and have a cron script that cleans
> it occasionally.

... this would be my recommendation, rather than changing PrivateTmp.
In fact, you could just create /etc/tmpfiles.d/apache2-tmp.conf with
contents something like this:

  D /some/path/to/apache2/tmp 1777 root root 30d

... and then the systemd-tmpfiles(8) machinery will take care of it.
See tmpfiles.d(5) for the format of such files.

--
Colin Watson                                       [[hidden email]]

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Colin Watson
In reply to this post by Chris Green
On Tue, Oct 30, 2018 at 03:37:19PM +0000, Chris Green wrote:
> Yes, I read this elsewhere but there doesn't seem be have any reference
> to apache or tmp in any of the files in /etc/systemd.

The relevant bit of packaged configuration is in
/lib/systemd/system/apache2.service.  See my other reply for the best
way to change this, though.

--
Colin Watson                                       [[hidden email]]

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Colin Law
In reply to this post by Colin Watson
On Tue, 30 Oct 2018 at 15:44, Colin Watson <[hidden email]> wrote:
On Tue, Oct 30, 2018 at 03:00:25PM +0000, Colin Law wrote:
> It should be easy enough to change the systemd startup script, it will
> likely be in /etc/systemd/system.  Make a copy of it with a different name
> and edit that, then disable the usual one and enable yours.

Don't do that; it makes it hard to stay in sync with other changes to
the packaged service file.  Instead, if you're going to take this
approach, make a directory called /etc/systemd/system/apache.service.d,
and create a file in that directory ending in ".conf" (e.g.
no-private-tmp.conf), with contents:

  [Service]
  PrivateTmp=false

I didn't know about that, that is great to know, thanks.
I agree, though, this isn't the best way to solve the problem.

Colin
 


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Chris Green
In reply to this post by Colin Watson
On Tue, Oct 30, 2018 at 03:43:52PM +0000, Colin Watson wrote:
> On Tue, Oct 30, 2018 at 03:37:19PM +0000, Chris Green wrote:
> > Yes, I read this elsewhere but there doesn't seem be have any reference
> > to apache or tmp in any of the files in /etc/systemd.
>
> The relevant bit of packaged configuration is in
> /lib/systemd/system/apache2.service.  See my other reply for the best
> way to change this, though.
>
Aha, thank you.  Having dug around in other systemd configuration I
think there's a "proper" way to configure this locally though I think
I may look for other ways to do what I need.

--
Chris Green

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Chris Green
In reply to this post by Colin Watson
On Tue, Oct 30, 2018 at 03:42:53PM +0000, Colin Watson wrote:

> > Otherwise put the files somewhere else and have a cron script that cleans
> > it occasionally.
>
> ... this would be my recommendation, rather than changing PrivateTmp.
> In fact, you could just create /etc/tmpfiles.d/apache2-tmp.conf with
> contents something like this:
>
>   D /some/path/to/apache2/tmp 1777 root root 30d
>
> ... and then the systemd-tmpfiles(8) machinery will take care of it.
> See tmpfiles.d(5) for the format of such files.
>
Yes, I agree, I think one of these approaches makes more sense.

--
Chris Green

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Peter Flynn
In reply to this post by Chris Green
On 30/10/18 15:37, Chris Green wrote:

> There is a
> directory systemd-private-e0d672d5d6814aed8f48c266641180ea-apache2.service-BDQ84c
> in /tmp though.

That's it. It had me baffled too. Red Hat and its derivatives (eg
CentOS) all implement containers for /tmp *inside* /tmp, so on CentOS I
have:

> drwx------ 3 root root 16 Jan  5  2018
systemd-private-9996399d21cb4a4aab2104dab700f938-colord.service-pc1Qll
> drwx------ 3 root root 16 Jul 30 19:22
systemd-private-9996399d21cb4a4aab2104dab700f938-httpd.service-HnGnni
> drwx------ 3 root root 16 Jul 30 19:23
systemd-private-9996399d21cb4a4aab2104dab700f938-mariadb.service-h49ThQ
> drwx------ 3 root root 16 Jan  5  2018
systemd-private-9996399d21cb4a4aab2104dab700f938-rtkit-daemon.service-zvbLbZ
> drwx------ 3 root root 16 Jan  5  2018
systemd-private-9996399d21cb4a4aab2104dab700f938-vmtoolsd.service-Fk1yKw

Basically, the executing apache process sees /tmp as
/tmp/systemd-private-9996399d21cb4a4aab2104dab700f938-httpd.service-HnGnni/tmp
and it cannot access the normal /tmp at all.

I believe an equivalent is now default on other architectures (apache2
above implies Debian-based systems, I think, where RH/CentOS still use
httpd).

As far as I can see these do NOT get cleared out at reboot, but you
could have a line in /etc/rc.local which does the job, eg

   /bin/rm -rf /tmp/systemd-private*httpd.service*/tmp/*

///Peter

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Tom H-4
In reply to this post by Colin Law
On Tue, Oct 30, 2018 at 4:03 PM Colin Law <[hidden email]> wrote:

> On Tue, 30 Oct 2018 at 14:51, Chris Green <[hidden email]> wrote:
>> On Tue, Oct 30, 2018 at 01:39:13PM +0000, Colin Law wrote:
>>> On Tue, 30 Oct 2018 at 13:33, Chris Green <[1][hidden email]> wrote:
>>>
>>> I want to put some temporary html files in /tmp (well, a
>>> sub-directory of /tmp) and view them using apache2. I always get
>>> permission denied and it seems as if apache2 refuses to access any
>>> files in /tmp.
>>>
>>> Could possibly be that the apache systemd script specifies privateTmp
>>
>> Yes, I think that's it (or at least it's something to do with
>> systemd). Whatever, it's a real nuisance.
>>
>>
>> Where can I put files that apache can 'see' and which will get cleared
>> out at intervals?
>
> It should be easy enough to change the systemd startup script, it will
> likely be in /etc/systemd/system.

In "/lib/systemd/system/" not in "/etc/systemd/system/" by default.


> Make a copy of it with a different name and edit that, then disable
> the usual one and enable yours. If you don't make a copy then it will
> get overwritten when you update.

"systemctl edit <unit>" will set up a
"/etc/systemd/system/<unit>.d/override.conf" drop-in automatically.

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Chris Green
On Wed, Oct 31, 2018 at 12:06:24PM +0100, Tom H wrote:

> On Tue, Oct 30, 2018 at 4:03 PM Colin Law <[hidden email]> wrote:
> > On Tue, 30 Oct 2018 at 14:51, Chris Green <[hidden email]> wrote:
> >> On Tue, Oct 30, 2018 at 01:39:13PM +0000, Colin Law wrote:
> >>> On Tue, 30 Oct 2018 at 13:33, Chris Green <[1][hidden email]> wrote:
> >>>
> >>> I want to put some temporary html files in /tmp (well, a
> >>> sub-directory of /tmp) and view them using apache2. I always get
> >>> permission denied and it seems as if apache2 refuses to access any
> >>> files in /tmp.
> >>>
> >>> Could possibly be that the apache systemd script specifies privateTmp
> >>
> >> Yes, I think that's it (or at least it's something to do with
> >> systemd). Whatever, it's a real nuisance.
> >>
> >>
> >> Where can I put files that apache can 'see' and which will get cleared
> >> out at intervals?
> >
> > It should be easy enough to change the systemd startup script, it will
> > likely be in /etc/systemd/system.
>
> In "/lib/systemd/system/" not in "/etc/systemd/system/" by default.
>
>
> > Make a copy of it with a different name and edit that, then disable
> > the usual one and enable yours. If you don't make a copy then it will
> > get overwritten when you update.
>
> "systemctl edit <unit>" will set up a
> "/etc/systemd/system/<unit>.d/override.conf" drop-in automatically.
>
I have two files which seem relevant:-

    /lib/systemd/system/apache2.service
    /lib/systemd/system/apache2.service.d/apache2-systemd.conf

Both of them seem to be 'original' as in installed from my
distribution and not changed since.  

I assume the name 'override.conf' isn't actually important and
anything in /etc/systemd/system/apache2.service.d will be acted upon
by systemd.

Does the override file have to specify everything or can it just
change individual parameters with the rest being set by the files in
/lib/systemd/system?

--
Chris Green

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Colin Law
In reply to this post by Tom H-4
On Wed, 31 Oct 2018 at 11:08, Tom H <[hidden email]> wrote:
> ...
> "systemctl edit <unit>" will set up a
> "/etc/systemd/system/<unit>.d/override.conf" drop-in automatically.

Excellent, that has been added to my systemd useful hints note.

Thanks

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Tom H-4
In reply to this post by Chris Green
On Wed, Oct 31, 2018 at 12:50 PM Chris Green <[hidden email]> wrote:
> On Wed, Oct 31, 2018 at 12:06:24PM +0100, Tom H wrote:
>> On Tue, Oct 30, 2018 at 4:03 PM Colin Law <[hidden email]> wrote:


>>> Make a copy of it with a different name and edit that, then disable
>>> the usual one and enable yours. If you don't make a copy then it will
>>> get overwritten when you update.
>>
>> "systemctl edit <unit>" will set up a
>> "/etc/systemd/system/<unit>.d/override.conf" drop-in automatically.
>
> I have two files which seem relevant:-
>
> /lib/systemd/system/apache2.service
> /lib/systemd/system/apache2.service.d/apache2-systemd.conf
>
> Both of them seem to be 'original' as in installed from my
> distribution and not changed since.

Is this on 16.04? It doesn't have
"/lib/systemd/system/apache2.service" by default; it only has
"/lib/systemd/system/apache2.service.d/apache2-systemd.conf" to
override the sysv-generator-created service unit. Are you sure that
you didn't create it?


> I assume the name 'override.conf' isn't actually important and
> anything in /etc/systemd/system/apache2.service.d will be acted upon
> by systemd.

The file name has to end with ".conf". I asume that systemd'll be able
to handle two drop-ins, one under "/lib" and one under "/etc" (!).


> Does the override file have to specify everything or can it just
> change individual parameters with the rest being set by the files in
> /lib/systemd/system?

Yo can override individual parameters but you have to use the section
"titles" for example:

To override

[Install]
WantedBy=multi-user.target

the drop-in'll have to be

[Install]
WantedBy=graphical.target

IIRC, there's an exception for ExecStart

To override

[Service]
ExecStart=/sbin/<daemon> -optionX

the drop-in'll have to be

[Service]
ExecStart=
ExecStart=/sbin/<daemon> -optionY

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Colin Watson
On Wed, Oct 31, 2018 at 01:51:07PM +0100, Tom H wrote:
> Is this on 16.04? It doesn't have
> "/lib/systemd/system/apache2.service" by default; it only has
> "/lib/systemd/system/apache2.service.d/apache2-systemd.conf" to
> override the sysv-generator-created service unit. Are you sure that
> you didn't create it?

Both these files exist in the shipped package on 18.04.  (It seems weird
to ship both rather than just fold the override into the main unit file,
but maybe there's some reason for it.)

> IIRC, there's an exception for ExecStart
>
> To override
>
> [Service]
> ExecStart=/sbin/<daemon> -optionX
>
> the drop-in'll have to be
>
> [Service]
> ExecStart=
> ExecStart=/sbin/<daemon> -optionY

This is true for any directive that can be specified more than once to
accumulate a list; the relevant systemd.* manual pages document the
directives for which this is the case.

--
Colin Watson                                       [[hidden email]]

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Chris Green
In reply to this post by Tom H-4
On Wed, Oct 31, 2018 at 01:51:07PM +0100, Tom H wrote:

> On Wed, Oct 31, 2018 at 12:50 PM Chris Green <[hidden email]> wrote:
> > On Wed, Oct 31, 2018 at 12:06:24PM +0100, Tom H wrote:
> >> On Tue, Oct 30, 2018 at 4:03 PM Colin Law <[hidden email]> wrote:
>
>
> >>> Make a copy of it with a different name and edit that, then disable
> >>> the usual one and enable yours. If you don't make a copy then it will
> >>> get overwritten when you update.
> >>
> >> "systemctl edit <unit>" will set up a
> >> "/etc/systemd/system/<unit>.d/override.conf" drop-in automatically.
> >
> > I have two files which seem relevant:-
> >
> > /lib/systemd/system/apache2.service
> > /lib/systemd/system/apache2.service.d/apache2-systemd.conf
> >
> > Both of them seem to be 'original' as in installed from my
> > distribution and not changed since.
>
> Is this on 16.04? It doesn't have
> "/lib/systemd/system/apache2.service" by default; it only has
> "/lib/systemd/system/apache2.service.d/apache2-systemd.conf" to
> override the sysv-generator-created service unit. Are you sure that
> you didn't create it?
>
It's on 18.04 and I'm pretty sure I haven't changed/added anything.

>
> > I assume the name 'override.conf' isn't actually important and
> > anything in /etc/systemd/system/apache2.service.d will be acted upon
> > by systemd.
>
> The file name has to end with ".conf". I asume that systemd'll be able
> to handle two drop-ins, one under "/lib" and one under "/etc" (!).
>
>
> > Does the override file have to specify everything or can it just
> > change individual parameters with the rest being set by the files in
> > /lib/systemd/system?
>
> Yo can override individual parameters but you have to use the section
> "titles" for example:
>
> To override
>
> [Install]
> WantedBy=multi-user.target
>
> the drop-in'll have to be
>
> [Install]
> WantedBy=graphical.target
>
> IIRC, there's an exception for ExecStart
>
> To override
>
> [Service]
> ExecStart=/sbin/<daemon> -optionX
>
> the drop-in'll have to be
>
> [Service]
> ExecStart=
> ExecStart=/sbin/<daemon> -optionY
>
OK, thanks for all the information.

--
Chris Green

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Tom H-4
In reply to this post by Colin Watson
On Wed, Oct 31, 2018 at 3:25 PM Colin Watson <[hidden email]> wrote:
> On Wed, Oct 31, 2018 at 01:51:07PM +0100, Tom H wrote:


>> Is this on 16.04? It doesn't have
>> "/lib/systemd/system/apache2.service" by default; it only has
>> "/lib/systemd/system/apache2.service.d/apache2-systemd.conf" to
>> override the sysv-generator-created service unit. Are you sure that
>> you didn't create it?
>
> Both these files exist in the shipped package on 18.04. (It seems weird
> to ship both rather than just fold the override into the main unit file,
> but maybe there's some reason for it.)

I remember "/lib/systemd/system/apache2.service.d/apache2-systemd.conf"
from 16.04 because I had the problem that resulted in its creation.

On my 18.10 laptop, only "/lib/systemd/system/apache2.service" exists.

I don't have access to an 18.04 system to take a look at why. It
doesn't make sense unless it's a mistake (that's been corrected in
18.10) or "apache2.service" is the upstream unit and the drop-in's an
Ubuntu delta.


>> IIRC, there's an exception for ExecStart
>>
>> To override
>>
>> [Service]
>> ExecStart=/sbin/<daemon> -optionX
>>
>> the drop-in'll have to be
>>
>> [Service]
>> ExecStart=
>> ExecStart=/sbin/<daemon> -optionY
>
> This is true for any directive that can be specified more than once to
> accumulate a list; the relevant systemd.* manual pages document the
> directives for which this is the case.

Thanks. So I mis-remembered :(

I've just read "man systemd.unit" and the last paragraph's:

"Note that for drop-in files, if one wants to remove entries from a
setting that is parsed as a list (and is not a dependency), such as
AssertPathExists= (or e.g. ExecStart= in service units), one needs to
first clear the list before re-adding all entries except the one that is
to be removed. Dependencies (After=, etc.) cannot be reset to an empty
list, so dependencies can only be added in drop-ins. If you want to
remove dependencies, you have to override the entire unit."

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can't apache access files in /tmp?

Tom H-4
In reply to this post by Colin Law
On Wed, Oct 31, 2018 at 12:52 PM Colin Law <[hidden email]> wrote:
> On Wed, 31 Oct 2018 at 11:08, Tom H <[hidden email]> wrote:
>> ...
>> "systemctl edit <unit>" will set up a
>> "/etc/systemd/system/<unit>.d/override.conf" drop-in automatically.
>
> Excellent, that has been added to my systemd useful hints note.
>
> Thanks

You're welcome.

You might want to add the last paragraph of the "systemd.unit" manpage
to keep in mind that little bit of weirdness.

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users