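How to check whether a new systemd user has permission to execute a binary

Time: 2017-09-14 13:43:03

Tags: ubuntu systemd

I realize this question has been asked and answered a few times before, but I haven't been able to solve it.. I have the following systemd service file: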

[Unit]
Description=My client service
ConditionPathExists=/root/go/src/github.com/me/myapp/client/client
After=network.target

[Service]
Type=simple
User=myservice
Group=myservice
LimitNOFILE=1024

Restart=on-failure
RestartSec=10
startLimitIntervalSec=60

WorkingDirectory=/root/go/src/github.com/me/myapp/client
ExecStart=/root/go/src/github.com/me/myapp/client/client

# make sure log directory exists and owned by syslog
PermissionsStartOnly=true
ExecStartPre=/bin/mkdir -p /var/log/myclient
ExecStartPre=/bin/chown syslog:adm /var/log/myclient
ExecStartPre=/bin/chmod 755 /var/log/myclient
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=myservice

[Install]
WantedBy=multi-user.target

Then I created a new user:

useradd myservice -s /sbin/nologin -M

But when I try to run the systemd daemon, I get:

Process: 11956 ExecStart=/root/go/src/github.com/me/myapp/client/client (code=exited, status=203/EXEC)

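All of this runs fine on my local machine (running Ubuntu 16.04), but when I try it on a Scaleway server (also running Ubuntu 16.04), I get the error above. I am 100% sure all the paths are correct.

I'm sure the myservice user was created successfully, because if I try to run: useradd myservice -s /sbin/nologin -M then I get useradd: user 'myservice' already exists

When I check the permissions, I get this: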

$ ls -l /lib/systemd/system/myclient.service 
-rwxr-xr-x 1 root root 790 Sep 14 11:48 /lib/systemd/system/myclient.service
$ ls -l /root/go/src/github.com/me/myapp/client/client 
-rwxr-xr-x 1 root root 9167576 Sep 14 12:02 /root/go/src/github.com/me/myapp/client/client

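If I simply run /root/go/src/github.com/me/myapp/client/client to start the application, it works and runs as it should.. so it looks like the problem is that myservice does not have permission to run the {{1} } binary or the client systemd daemon..

I also tried myclient.service, but the result is the same... I believe running chown myservice client is the same as simply running the systemd daemon as the root user rather than as a separate user..

I really don't know what other steps I can take to make sure the file is executed by the usermod -a -G root myservice user rather than the myservice user.. any help would be much appreciated

Edit to address Mark's comment:

The output is very long.. I took the initial part, then kept scrolling until I believed I had reached the latest errors: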

root

You are right, I added the user and group in mixed-up order.. this is the output when I run the command:

Sep 14 11:49:17 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:18 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:20 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:20 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:22 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:23 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:24 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:24 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:51 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:51 myapp-c1 systemd[1]: Stopped My client service.
Sep 14 11:49:51 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:51 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:49:51 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:51:12 myapp-c1 systemd[1]: [/lib/systemd/system/myclient.service:14] Unknown lvalue 'startLimitIntervalSec' in se
Sep 14 11:51:12 myapp-c1 systemd[1]: Starting My client service...
Sep 14 11:51:12 myapp-c1 systemd[1]: Started My client service.
Sep 14 11:51:12 myapp-c1 systemd[1]: myclient.service: Main process exited, code=exited, status=203/EXEC
Sep 14 11:51:12 myapp-c1 systemd[1]: myclient.service: Unit entered failed state.
Sep 14 11:51:12 myapp-c1 systemd[1]: myclient.service: Failed with result 'exit-code'.
Sep 14 11:51:23 myapp-c1 systemd[1]: myclient.service: Service hold-off time over, scheduling restart.
Sep 14 11:51:23 myapp-c1 systemd[1]: Stopped My client service.

...

Sep 14 12:21:36 myapp-c1 systemd[1]: Started My client service.
Sep 14 12:21:36 myapp-c1 systemd[13245]: myclient.service: Failed at step EXEC spawning /root/go/src/github.com/me/myapp/client/client: 
Sep 14 12:21:36 myapp-c1 systemd[1]: myclient.service: Main process exited, code=exited, status=203/EXEC
Sep 14 12:21:36 myapp-c1 systemd[1]: myclient.service: Unit entered failed state.
Sep 14 12:21:36 myapp-c1 systemd[1]: myclient.service: Failed with result 'exit-code'.
Sep 14 12:21:46 myapp-c1 systemd[1]: myclient.service: Service hold-off time over, scheduling restart.
Sep 14 12:21:46 myapp-c1 systemd[1]: Stopped My client service.
Sep 14 12:21:46 myapp-c1 systemd[1]: Starting My client service...
Sep 14 12:21:46 myapp-c1 systemd[1]: Started My client service.
Sep 14 12:21:46 myapp-c1 systemd[1]: myclient.service: Main process exited, code=exited, status=203/EXEC
Sep 14 12:21:46 myapp-c1 systemd[1]: myclient.service: Unit entered failed state.
Sep 14 12:21:46 myapp-c1 systemd[1]: myclient.service: Failed with result 'exit-code'.
Sep 14 12:21:56 myapp-c1 systemd[1]: myclient.service: Service hold-off time over, scheduling restart.
Sep 14 12:21:56 myapp-c1 systemd[1]: Stopped My client service.
Sep 14 12:21:56 myapp-c1 systemd[1]: Starting My client service...
Sep 14 12:21:56 myapp-c1 systemd[1]: Started My client service.
Sep 14 12:21:56 myapp-c1 systemd[1]: myclient.service: Main process exited, code=exited, status=203/EXEC
Sep 14 12:21:56 myapp-c1 systemd[1]: myclient.service: Unit entered failed state.
Sep 14 12:21:56 myapp-c1 systemd[1]: myclient.service: Failed with result 'exit-code'.
Sep 14 12:22:07 myapp-c1 systemd[1]: myclient.service: Service hold-off time over, scheduling restart.
Sep 14 12:22:07 myapp-c1 systemd[1]: Stopped My client service.
Sep 14 12:22:07 myapp-c1 systemd[1]: Starting My client service...
Sep 14 12:22:07 myapp-c1 systemd[1]: Started My client service.

Note that I used $ grep myservice /etc/group myservice:1000:myservice, and I think I should not have used myservice

1 answer:

Answer 0: (score: 1)

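Because it runs from the CLI but not from systemd on the same machine, this is a variation of a related FAQ: Difference between systemd and terminal starting program

The most likely cause is that an environment variable is set in one case and not in the other. Also compare the output of systemctl show your-unit-unit.service between the systems it is used on.

Also confirm that Type= matches the type of service you are running, as documented in man systemd.service, and review the documentation for your binary to see under what conditions it exits with status code 203.

Finally, check ls -lthd /root on the server. Typically, the /root directory has a restrictive permission set that only allows root to access the files beneath it, yet you are trying to run a file there on the server (where it fails) but not at home (where it succeeds). Moving the code to /home/myservice can solve the problem.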
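
The answer's last point, that a restrictive /root can keep the service user from reaching the binary, can be checked one path component at a time. The script below is an added example, not part of the original answer; the function names and the file name check_exec.sh are hypothetical, and it models only the classic owner/group/other mode bits.

```shell
#!/bin/sh
# Added example (not from the original post). Walks a path the way the kernel
# does for execve(): every directory needs search (x) permission and the file
# needs x, judged by the owner, group or other bits that apply to the uid.
# Not modelled: root's DAC override, ACLs, noexec mounts, AppArmor/SELinux.
# Requires GNU stat (Ubuntu coreutils).

# can_pass UID "GID GID ..." PATH -> 0 if the applicable x bit is set
can_pass() {
    cp_st=$(stat -L -c '%a %u %g' "$3" 2>/dev/null) || return 2
    cp_uid=$1; cp_gids=$2
    set -- $cp_st                 # now $1=octal mode, $2=owner uid, $3=owner gid
    cp_mode=$((0$1))
    if [ "$cp_uid" -eq "$2" ]; then
        cp_bits=$(( ($cp_mode >> 6) & 7 ))     # owner class only
    else
        cp_bits=$(( $cp_mode & 7 ))            # other, unless a group matches
        for cp_g in $cp_gids; do
            if [ "$cp_g" -eq "$3" ]; then cp_bits=$(( ($cp_mode >> 3) & 7 )); fi
        done
    fi
    [ $(( $cp_bits & 1 )) -ne 0 ]
}

# first_block UID "GIDS" /abs/path -> prints the first blocking (or missing)
# component and returns 1; returns 0 when the whole path is executable.
first_block() {
    fb_cur=; fb_rest=${3#/}
    can_pass "$1" "$2" / || { echo /; return 1; }
    while [ -n "$fb_rest" ]; do
        fb_cur="$fb_cur/${fb_rest%%/*}"
        case $fb_rest in */*) fb_rest=${fb_rest#*/} ;; *) fb_rest= ;; esac
        can_pass "$1" "$2" "$fb_cur" || { echo "$fb_cur"; return 1; }
    done
    return 0
}

# Usage with the names from the question (check_exec.sh is a made-up name):
#   sh check_exec.sh "$(id -u myservice)" "$(id -G myservice)" \
#       /root/go/src/github.com/me/myapp/client/client
if [ "$#" -eq 3 ]; then
    first_block "$1" "$2" "$3" && echo "path is executable for uid $1"
fi
```

For a manual look at the same per-component modes, namei -l followed by the path (from util-linux) lists the owner, group and permissions of every directory leading to the file.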