How can systemd run a command as root before launching a service as a different user? [closed]

I'm running svnserve on a Fedora 17 machine with the following systemd service file:

[Unit]
Description=Subversion Server
After=syslog.target network.target

[Service]
User=svn
Type=forking
Environment=HOME=/repos/svn
ExecStart=/usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid -r /repos/svn
PIDFile=/run/svnserve/svnserve.pid

[Install]
WantedBy=multi-user.target

This works fine as long as /var/run/svnserve is owned by svn:svn, but breaks on reboot when that ownership is reset to root:root. What I want is to add a pre-launch step that chowns the directory.

Unfortunately I can't find any real documentation on systemd unit files, but I saw that some were using 'ExecStartPre', so I tried this:

ExecStartPre=/bin/chown svn:svn /run/svnserve

Sadly this fails with an 'operation not permitted' error, so it looks like ExecStartPre also runs as the user specified in the unit file.

I also tried having the unit file run as root, then starting svnserve as the svn user via su, but that produced a vague error about the command-line being invalid.

How can systemd units perform actions as root prior to executing as a specific user?


Solution 1:

The subversion package in Fedora is using systemd's tmpfiles mechanism to create /run/svnserve at boot with root ownership (since the packaged .service file apparently runs the daemon as root). You could copy /usr/lib/tmpfiles.d/svnserve.conf to /etc/tmpfiles.d/svnserve.conf and change the owner. See man tmpfiles.d for details.
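
The override this answer describes, as an added example that is not part of the original answer or the Fedora package. The sample tmpfiles.d line is constructed (the packaged file's contents are not shown on this page), and `override_owner` is a hypothetical helper name.

```shell
#!/bin/sh
# tmpfiles.d line format: Type Path Mode User Group Age Argument

# override_owner SRC DST DIR USER GROUP   (hypothetical helper, not a systemd tool)
# Copies SRC to DST, rewriting User/Group only on the d/D entry for DIR.
# Returns non-zero and writes nothing if DIR has no such entry, so a typo
# cannot silently leave the directory owned by root.
override_owner() {
    src=$1 dst=$2 dir=$3 user=$4 group=$5
    awk -v p="$dir" -v u="$user" -v g="$group" '
        NF == 0 || $1 ~ /^#/ { print; next }      # keep blanks and comments
        $1 ~ /^[dD]/ && $2 == p {
            if (NF < 3) $3 = "-"                  # mode omitted: "-" keeps the default
            $4 = u; $5 = g; hit = 1
        }
        { print }
        END { exit (hit ? 0 : 1) }
    ' "$src" > "$dst.tmp" || { rm -f "$dst.tmp"; return 1; }
    mv "$dst.tmp" "$dst"
}

# Demo on a constructed sample (the real packaged file is not shown on the page).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' \
        'd /run/svnserve 0700 root root -' > "$tmp/svnserve.conf"
    override_owner "$tmp/svnserve.conf" "$tmp/override.conf" \
        /run/svnserve svn svn && cat "$tmp/override.conf"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
demo

# On the real host (as root), using the paths from the answer:
#   override_owner /usr/lib/tmpfiles.d/svnserve.conf \
#       /etc/tmpfiles.d/svnserve.conf /run/svnserve svn svn &&
#   systemd-tmpfiles --create /etc/tmpfiles.d/svnserve.conf
```

Only the entry for the named directory changes owner; every other line in the copied file keeps the packaged owner and mode.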