How can systemd run a command as root before launching a service as a different user? [closed]
I'm running svnserve on a Fedora 17 machine with the following systemd service file:

    [Unit]
    Description=Subversion Server
    After=syslog.target network.target

    [Service]
    User=svn
    Type=forking
    Environment=HOME=/repos/svn
    ExecStart=/usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid -r /repos/svn
    PIDFile=/run/svnserve/svnserve.pid

    [Install]
    WantedBy=multi-user.target

This works fine as long as /var/run/svnserve is owned by svn:svn, but breaks on reboot when that ownership is reset to root:root. What I want is to add a pre-launch step that chowns the directory.
Unfortunately I can't find any real documentation on systemd unit files, but I saw that some were using 'ExecStartPre', so I tried this:

    ExecStartPre=/bin/chown svn:svn /run/svnserve

Sadly this fails with an 'operation not permitted' error, so it looks like ExecStartPre also runs as the user specified in the unit file.
I also tried having the unit file run as root, then starting svnserve as the svn user via su, but that produced a vague error about the command-line being invalid.
How can systemd units perform actions as root prior to executing as a specific user?
Solution 1:
The subversion package in Fedora is using systemd's tmpfiles mechanism to create /run/svnserve at boot with root ownership (since the packaged .service file apparently runs the daemon as root). You could copy /usr/lib/tmpfiles.d/svnserve.conf to /etc/tmpfiles.d/svnserve.conf and change the owner. See man tmpfiles.d for details.
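
The copy-and-change-owner step from the answer above, as an added example that is not part of the original answer or of the Fedora package. The helper name `rewrite_owner` and the sample line are assumptions: the packaged file's real contents are not shown on the page.

```shell
#!/bin/sh
# tmpfiles.d line format: Type Path Mode User Group Age Argument

# rewrite_owner SRC DST PATH USER GROUP   (hypothetical helper)
# Copies SRC to DST, replacing the User and Group fields of the entry for PATH.
# Returns 1 and leaves no DST behind if SRC has no entry for PATH, so a
# mistyped path cannot produce an override that silently changes nothing.
rewrite_owner() {
    src=$1 dst=$2 path=$3 user=$4 group=$5
    awk -v p="$path" -v u="$user" -v g="$group" '
        /^[ \t]*(#|$)/ { print; next }    # keep comments and blank lines as-is
        $2 == p {
            if (NF < 3) $3 = "-"          # "-" keeps the default mode
            $4 = u; $5 = g                # fields 4 and 5 are User and Group
            found = 1
        }
        { print }
        END { exit(found ? 0 : 1) }
    ' "$src" > "$dst" || { rm -f "$dst"; return 1; }
}

# Demo on a constructed stand-in for the packaged file, in a temp directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' \
        'd /run/svnserve 0755 root root -' > "$tmp/packaged.conf"
    rewrite_owner "$tmp/packaged.conf" "$tmp/override.conf" \
        /run/svnserve svn svn && cat "$tmp/override.conf"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
demo

# On the real system (as root), using the paths from the answer:
#   rewrite_owner /usr/lib/tmpfiles.d/svnserve.conf \
#       /etc/tmpfiles.d/svnserve.conf /run/svnserve svn svn
#   systemd-tmpfiles --create /etc/tmpfiles.d/svnserve.conf   # apply now
#   stat -c '%U:%G %a' /run/svnserve                          # verify owner
```

The override changes the ownership of the one runtime directory only, so the unit can keep `User=svn` and no step of the service has to run as root.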