Quantcast

want to write a systemd service file where a user may not exist.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

want to write a systemd service file where a user may not exist.

Peter Silva

Hi folks, wondering if people could direct me to a good place to ask this question.  It isn't really a user question, but ... anyways.   I work on a package that can run either under a dedicated user, as a sort of daemon or server mode, or it can be used by ordinary users directly in client mode (connecting to daemons elsewhere.)

When I install the package, on older releases, there is /etc/default and I put a file there to ensure it is disabled by default.   That's fine.

in systemd, I use the documented stuff in dh_ and it puts the service file in the right place.

Two issues:
    -- when I do systemctl status sarra ... it says: 'vendor preset: enabled')  I want it to be disabled by default.  Couldn't find that.

    -- I don't want to create the daemon user on systems where
 it will only be used as a client, so in many cases the 'user' specified in the service file will not exist.   How to cleanly handle that?



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Ralf Mardorf-2
On Fri, 10 Feb 2017 09:04:14 -0500, Peter Silva wrote:
> I don't want to create the daemon user on systems where
> it will only be used as a client, so in many cases the 'user'
> specified in the service file will not exist.   How to cleanly handle
> that?

Hi,

the Ubuntu policy is to auto-start everything that could be
auto-started, so you most likely need to chose another path to install
the unit.

Instead of

  /lib/systemd/system/foo.service

install it to e.g.

  /usr/share/doc/foo/examples/foo.service

Regards,
Ralf



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Colin Law
In reply to this post by Peter Silva
On 10 February 2017 at 14:04, Peter Silva <[hidden email]> wrote:

>
> Hi folks, wondering if people could direct me to a good place to ask this
> question.  It isn't really a user question, but ... anyways.   I work on a
> package that can run either under a dedicated user, as a sort of daemon or
> server mode, or it can be used by ordinary users directly in client mode
> (connecting to daemons elsewhere.)
>
> When I install the package, on older releases, there is /etc/default and I
> put a file there to ensure it is disabled by default.   That's fine.
>
> in systemd, I use the documented stuff in dh_ and it puts the service file
> in the right place.
>
> Two issues:
>     -- when I do systemctl status sarra ... it says: 'vendor preset:
> enabled')  I want it to be disabled by default.  Couldn't find that.

I believe the default should be disabled, it should only be enabled if
you have done something that causes symlinks to be inserted in the
.wants directories for other services. If you run
sudo system enable|disable sarra
then you should see it adding or removing the links.

>
>     -- I don't want to create the daemon user on systems where
>  it will only be used as a client, so in many cases the 'user' specified in
> the service file will not exist.   How to cleanly handle that?

If it won't be used as service then just leave it disabled.  Since it
will not be run then it does not matter if the user does not exist.

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Ralf Mardorf-2
On Sat, 11 Feb 2017 12:07:13 +0000, Colin Law wrote:
>If you run
>sudo system enable|disable sarra
>then you should see it adding or removing the links.

Typo
systemctl ;)

However, if we install a package with a systemd unit, it automatically
gets enable. You could test it, e.g. install smartmontools. A user who
just want to get "smartctl" needs to manually disable the daemon. The
Ubuntu policy is very bad, it's better to be aware of it, to avoid
serious issues.


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Oliver Grawert
In reply to this post by Peter Silva
hi,
On Fr, 2017-02-10 at 09:04 -0500, Peter Silva wrote:
>
> Hi folks, wondering if people could direct me to a good place to ask
> this question.  It isn't really a user question, but ... anyways.   I
> work on a package that can run either under a dedicated user, as a
> sort of daemon or server mode, or it can be used by ordinary users
> directly in client mode (connecting to daemons elsewhere.)
>
there are plenty of ways to achieve that :)

> When I install the package, on older releases, there is /etc/default
> and I put a file there to ensure it is disabled by default.   That's
> fine.
you could use a wrapper script for starting your daemon that first
checks /etc/default ...
>
> in systemd, I use the documented stuff in dh_ and it puts the service
> file in the right place.

you could not use debhelper (which is responsible for enabling the
service by default) but just install the service file to 
/lib/systemd/system/ from the debian/install file, not using the
debhelper functions ...

then it should not be started by default and you have to manually do
"systemctl enable <service>"

>
> Two issues:
>     -- when I do systemctl status sarra ... it says: 'vendor preset:
> enabled')  I want it to be disabled by default.  Couldn't find that.
>
>     -- I don't want to create the daemon user on systems where
>  it will only be used as a client, so in many cases the 'user'
> specified in the service file will not exist.   How to cleanly handle
> that?
>
you would use a debconf question asking the admin if he wants the user
created ...

ciao
        oli
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Peter Silva
In reply to this post by Ralf Mardorf-2
On Sat, Feb 11, 2017 at 7:31 AM, Ralf Mardorf <[hidden email]> wrote:
On Sat, 11 Feb 2017 12:07:13 +0000, Colin Law wrote:
>If you run
>sudo system enable|disable sarra
>then you should see it adding or removing the links.

Typo
systemctl ;)

However, if we install a package with a systemd unit, it automatically
gets enable. You could test it, e.g. install smartmontools. A user who
just want to get "smartctl" needs to manually disable the daemon. The
Ubuntu policy is very bad, it's better to be aware of it, to avoid
serious issues.


OK, so:
 
--  any idea how to tell systemd and/or ubuntu that this service should be disabled by default?

and/or:

-- Any idea how to configure a systemd service such that if user X doesn't exist, it does not try to start the service?

 
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Ralf Mardorf-2


On 11 Feb 2017, at 13:49, Peter Silva <[hidden email]> wrote:

On Sat, Feb 11, 2017 at 7:31 AM, Ralf Mardorf <[hidden email]> wrote:
On Sat, 11 Feb 2017 12:07:13 +0000, Colin Law wrote:
>If you run
>sudo system enable|disable sarra
>then you should see it adding or removing the links.

Typo
systemctl ;)

However, if we install a package with a systemd unit, it automatically
gets enable. You could test it, e.g. install smartmontools. A user who
just want to get "smartctl" needs to manually disable the daemon. The
Ubuntu policy is very bad, it's better to be aware of it, to avoid
serious issues.


OK, so:
 
--  any idea how to tell systemd and/or ubuntu that this service should be disabled by default?

and/or:

-- Any idea how to configure a systemd service such that if user X doesn't exist, it does not try to start the service?

I didn't know what Oli mentioned. Have you tried it that way?


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Colin Law
In reply to this post by Ralf Mardorf-2
On 11 February 2017 at 12:31, Ralf Mardorf <[hidden email]> wrote:
> On Sat, 11 Feb 2017 12:07:13 +0000, Colin Law wrote:
>>If you run
>>sudo system enable|disable sarra
>>then you should see it adding or removing the links.
>
> Typo
> systemctl ;)

Thanks

>
> However, if we install a package with a systemd unit, it automatically
> gets enable. You could test it, e.g. install smartmontools. A user who
> just want to get "smartctl" needs to manually disable the daemon. The
> Ubuntu policy is very bad, it's better to be aware of it, to avoid
> serious issues.

As Oliver has pointed out it depends how it is installed (though until
he provided the details I was unsure of what the difference is -
thanks Oli). Plenty of packages install not enabled. If I remember
correctly nodered is an example.  So I don't think it is an Ubuntu
policy, it is up to the individual package maintainer.

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Peter Silva
In reply to this post by Oliver Grawert
On Sat, Feb 11, 2017 at 7:41 AM, Oliver Grawert <[hidden email]> wrote:
hi,
On Fr, 2017-02-10 at 09:04 -0500, Peter Silva wrote:
>
> Hi folks, wondering if people could direct me to a good place to ask
> this question.  It isn't really a user question, but ... anyways.   I
> work on a package that can run either under a dedicated user, as a
> sort of daemon or server mode, or it can be used by ordinary users
> directly in client mode (connecting to daemons elsewhere.)
>
there are plenty of ways to achieve that :)

> When I install the package, on older releases, there is /etc/default
> and I put a file there to ensure it is disabled by default.   That's
> fine.
you could use a wrapper script for starting your daemon that first
checks /etc/default ...


It is a practical suggestion and should work, but I wonder if the systemd gods somewhere will say *You're doing it wrong*.

Reading through systemd information, and through bitter experience, I know most systemd services completely ignore /etc/default, so it would be *surprising* for admins on a systemd system if one service was actually using them:

As far as I can tell /etc/default is only supposed to be used by upstart or init files, and can be referenced as a crutch by systemd, but it isn't correct to build a systemd service that uses it.

On the subject of a wrapper script... The obvious thing is to just point at the /etc/init script I already provide, but then it feels like I'm not doing it the *systemd* way. I end up with systemd stuff that explicitly invokes sysv stuff. 

example of surprise:

systemctl enable foo

won't work, as people will need to modify /etc/default/foo as well as enable, and folks will complain that it isn't properly in systemd.

Some to think of it, I think I could just skip the systemd.service entirely then, and systemd's compatibility stuff could just pick up the init stuff.  Still ugly.

So I'm looking for the systemd-ish way to do it right.

etc...

>
> in systemd, I use the documented stuff in dh_ and it puts the service
> file in the right place.

you could not use debhelper (which is responsible for enabling the
service by default) but just install the service file to 
/lib/systemd/system/ from the debian/install file, not using the
debhelper functions ...

then it should not be started by default and you have to manually do
"systemctl enable <service>"


OK, but I'm using debuild, and the packages get built by launchpad, for me to stick a raw 'cp' in there, especially when installing on 14.04 (no systemd) seems likely to break somewhere.    


 
>
> Two issues:
>     -- when I do systemctl status sarra ... it says: 'vendor preset:
> enabled')  I want it to be disabled by default.  Couldn't find that.
>
>     -- I don't want to create the daemon user on systems where
>  it will only be used as a client, so in many cases the 'user'
> specified in the service file will not exist.   How to cleanly handle
> that?
>
you would use a debconf question asking the admin if he wants the user
created ...


hmm... need to think about that... when installations are automated people are stuck specifying default answers... I would think If I'm going to ask a question it would be something like:

'client only mode (no server, no sarra user created)?'

so *no* would ensure the user exists... (the less common case) and *yes* would be the normal client mode...   (the most common case)   Does that sound correct?


thanks for the suggestions! not sure we're there yet...


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Oliver Grawert
In reply to this post by Colin Law
hi,
On Sa, 2017-02-11 at 13:28 +0000, Colin Law wrote:
> ues.
>
> As Oliver has pointed out it depends how it is installed (though
> until
> he provided the details I was unsure of what the difference is -
> thanks Oli). Plenty of packages install not enabled. If I remember
> correctly nodered is an example.  So I don't think it is an Ubuntu
> policy, it is up to the individual package maintainer.


well, it is a debian policy (which ubuntu inherits) that all services
of a package should be started at install time by default ... but that
doesn't mean there isn't a way around it ;)

ciao
        oli
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Colin Law
On 11 February 2017 at 13:40, Oliver Grawert <[hidden email]> wrote:

> hi,
> On Sa, 2017-02-11 at 13:28 +0000, Colin Law wrote:
>> ues.
>>
>> As Oliver has pointed out it depends how it is installed (though
>> until
>> he provided the details I was unsure of what the difference is -
>> thanks Oli). Plenty of packages install not enabled. If I remember
>> correctly nodered is an example.  So I don't think it is an Ubuntu
>> policy, it is up to the individual package maintainer.
>>
>
> well, it is a debian policy (which ubuntu inherits) that all services
> of a package should be started at install time by default ... but that
> doesn't mean there isn't a way around it ;)

I stand corrected
Thanks again

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Peter Silva
On Sat, Feb 11, 2017 at 8:47 AM, Colin Law <[hidden email]> wrote:
On 11 February 2017 at 13:40, Oliver Grawert <[hidden email]> wrote:
> hi,
> On Sa, 2017-02-11 at 13:28 +0000, Colin Law wrote:
>> ues.
>>
>> As Oliver has pointed out it depends how it is installed (though
>> until
>> he provided the details I was unsure of what the difference is -
>> thanks Oli). Plenty of packages install not enabled. If I remember
>> correctly nodered is an example.  So I don't think it is an Ubuntu
>> policy, it is up to the individual package maintainer.
>>
>
> well, it is a debian policy (which ubuntu inherits) that all services
> of a package should be started at install time by default ... but that
> doesn't mean there isn't a way around it ;)

I stand corrected
Thanks again


I'm starting to think the simple way to do this is to create a second package 'foo-server'  that contains only the service and init file and creates the user when installed.

Clients would only install foo.deb, but people who want the server thing would install foo-server package, and the user would be created.

hmm...


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Oliver Grawert
In reply to this post by Peter Silva
hi,
On Sa, 2017-02-11 at 08:38 -0500, Peter Silva wrote:

> On Sat, Feb 11, 2017 at 7:41 AM, Oliver Grawert <[hidden email]>
> wrote:
> > hi,
> > On Fr, 2017-02-10 at 09:04 -0500, Peter Silva wrote:
> > >
> > > Hi folks, wondering if people could direct me to a good place to
> > ask
> > > this question.  It isn't really a user question, but ... anyways.
> >   I
> > > work on a package that can run either under a dedicated user, as
> > a
> > > sort of daemon or server mode, or it can be used by ordinary
> > users
> > > directly in client mode (connecting to daemons elsewhere.)
> > >
> > there are plenty of ways to achieve that :)
> >
> > > When I install the package, on older releases, there is
> > /etc/default
> > > and I put a file there to ensure it is disabled by default.  
> > That's
> > > fine.
> > you could use a wrapper script for starting your daemon that first
> > checks /etc/default ...
>
>
> It is a practical suggestion and should work, but I wonder if the
> systemd gods somewhere will say *You're doing it wrong*.
http://0pointer.de/blog/projects/on-etc-sysinit.html

recommends to use /etc/default/ or (for fedora) /etc/sysconfig/ through
the EnvironmentFile= option in your service file (but that indeed
requires that your daemon uses the env vars from there internally)

>
> Reading through systemd information, and through bitter experience, I
> know most systemd services completely ignore /etc/default, so it
> would be *surprising* for admins on a systemd system if one service
> was actually using them:
>
> As far as I can tell /etc/default is only supposed to be used by
> upstart or init files, and can be referenced as a crutch by systemd,
> but it isn't correct to build a systemd service that uses it.

no, /etc/default is not directly tied to the init system, it is
actually for setting package defaults :) 
just take a look at your current /etc/default on a xenial or later
install, there are still plenty of packages using it even with systemd
as the default init system.

>
> On the subject of a wrapper script... The obvious thing is to just
> point at the /etc/init script I already provide, but then it feels
> like I'm not doing it the *systemd* way. I end up with systemd stuff
> that explicitly invokes sysv stuff. 
>
> example of surprise:
>
> systemctl enable foo
>
> won't work, as people will need to modify /etc/default/foo as well as
> enable, and folks will complain that it isn't properly in systemd.
well, yes, indeed ... i meant the suggestion as an either/or thing .. 
use a wrapper startup script that reacts to /etc/default variables and
keep the debhelper unit management, or ship a unit without starting it
by default via the debian/install file and do not use /etc/default at
all.

>
> Some to think of it, I think I could just skip the systemd.service
> entirely then, and systemd's compatibility stuff could just pick up
> the init stuff.  Still ugly.
>
> So I'm looking for the systemd-ish way to do it right.

well, just look at other packages that have an /etc/default file ...
there are plenty of them, even in systemd times (only a few, like
apport for example, use it to en/disable ... fun fact: apport was
developed by ubuntus systemd maintainer)

also a:
grep default /lib/systemd/system/*
might be interesting ...

ciao
        oli
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Oliver Grawert
In reply to this post by Peter Silva
hi,
On Sa, 2017-02-11 at 10:10 -0500, Peter Silva wrote:

> I'm starting to think the simple way to do this is to create a second
> package 'foo-server'  that contains only the service and init file
> and creates the user when installed.
>
> Clients would only install foo.deb, but people who want the server
> thing would install foo-server package, and the user would be
> created.

that is definitely also an option ... 

there are plenty ways leading to rome ;)

ciao
        oli
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Tom H-4
In reply to this post by Ralf Mardorf-2
On Sat, Feb 11, 2017 at 6:48 AM, Ralf Mardorf <[hidden email]> wrote:

> On Fri, 10 Feb 2017 09:04:14 -0500, Peter Silva wrote:
>>
>> I don't want to create the daemon user on systems where it will only
>> be used as a client, so in many cases the 'user' specified in the
>> service file will not exist. How to cleanly handle that?
>
> the Ubuntu policy is to auto-start everything that could be
> auto-started, so you most likely need to chose another path to install
> the unit.
>
> Instead of
>
> /lib/systemd/system/foo.service
>
> install it to e.g.
>
> /usr/share/doc/foo/examples/foo.service

Or drop a "daemon_name.preset" into "/lib/systemd/system-preset/" with
"disable daemon_name.service", which should disable it by default.

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: want to write a systemd service file where a user may not exist.

Tom H-4
In reply to this post by Oliver Grawert
On Sat, Feb 11, 2017 at 8:40 AM, Oliver Grawert <[hidden email]> wrote:
>
> well, it is a debian policy (which ubuntu inherits) that all services
> of a package should be started at install time by default ... but that
> doesn't mean there isn't a way around it ;)

There used to be "policy-rd.c" with sysvinit+sysvrc but I don't know
whether it's been updated to work with systemd.

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Loading...