Writing a systemd service file

Hi,
I'm trying to write a service file for a daemon and having some
problems. I believe the issue is with the ability to give the process
write and read access to parts of the filesystem which appear to
somehow be restricted.

The daemon is the Avira virus scanner, which runs under amavisd-new.

The daemon's home directory is
/usr/local/savapi-sdk-linux_glibc24_x86_64, and it needs write access
in the modules directory.

The daemon can run as root or as the amavis user. It drops its
privileges to the amavis user after starting anyway.

Here is what I have so far:

# cat /etc/systemd/system/savapi.service
[Unit]
Description=Avira Antivirus SDK
Documentation=http://www.ijs.si/software/amavisd/#doc
After=network.target
Wants=clamd@amavisd.service
Wants=postfix.service
RequiresMountsFor="/usr/local/savapi-sdk-linux_glibc24_x86_64"

[Service]
Type=forking
User=amavis
Group=amavis
PIDFile=/var/run/amavisd/savapi.pid
ExecStart=/var/spool/amavisd/savapi.sh start
ExecReload=/var/spool/amavisd/savapi.sh reload
Restart=on-failure
#PrivateTmp=
PrivateDevices=false
CapabilityBoundingSet=
ProtectSystem=full
ProtectHome=true

[Install]
WantedBy=multi-user.target

I've specified "RequiresMountsFor", which I understood could be used
to provide access to parts of the filesystem. I've also disabled
PrivateTmp and PrivateDevices.

The ExecStart script just spawns the savapi daemon:

        #!/bin/bash
        cd /usr/local/savapi-sdk-linux_glibc24_x86_64/bin
        ./savapi --config=savapi.conf &

When I attempt to start the service, journalctl -xe shows me:
Validation failed for option 'ModulesDir' with value
'/usr/local/savapi-sdk-linux_glibc24_x86_64/modules'. Path cannot be
accessed (no write permission).

ModulesDir is /usr/local/savapi-sdk-linux_glibc24_x86_64/modules

When I run the script manually as root or as the amavis user, it runs
successfully.

I think the problem is that I don't understand how systemd processes
access the filesystem and the restrictions on permissions.

Any ideas greatly appreciated.
Thanks,
Alex
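
Added example (not part of the message above, and not systemd or Avira code): ProtectSystem=full remounts /usr, /boot, /efi and /etc read-only for the service, whatever the file ownership, so a ModulesDir under /usr/local fails a write check until ReadWritePaths= lists it. The checker below models only ProtectSystem= and ReadWritePaths=; its function names are hypothetical and the unit text is a constructed excerpt of the file posted above.

```python
from pathlib import PurePosixPath

# Trees remounted read-only per ProtectSystem= level, as documented in systemd.exec(5).
RO_TREES = {"true": ["/usr", "/boot", "/efi"],
            "full": ["/usr", "/boot", "/efi", "/etc"],
            "strict": ["/"]}
STRICT_EXEMPT = ["/dev", "/proc", "/sys"]  # API file systems stay writable under strict

# Constructed sample: the sandboxing lines from the unit in the message above.
UNIT = "[Service]\nUser=amavis\nProtectSystem=full\nProtectHome=true\n"
MODULES = "/usr/local/savapi-sdk-linux_glibc24_x86_64/modules"
FIXED = UNIT + "ReadWritePaths=" + MODULES + "\n"

def service_settings(unit_text):
    """Collect [Service] directives; repeated keys accumulate like list options."""
    section, out = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            out.setdefault(key.strip(), []).extend(value.split())
    return out

def under(path, tree):
    """True when `path` is `tree` itself or lies below it."""
    p, t = PurePosixPath(path), PurePosixPath(tree)
    return p == t or t in p.parents

def write_blocker(unit_text, path):
    """Return the directive that leaves `path` read-only for the service, or None."""
    s = service_settings(unit_text)
    level = (s.get("ProtectSystem") or ["no"])[-1].lower()
    level = "true" if level in ("yes", "1", "on") else level
    # ReadWritePaths= entries may carry a "-" or "+" prefix; ignore it for matching.
    if any(under(path, p.lstrip("+-")) for p in s.get("ReadWritePaths", [])):
        return None
    if level == "strict" and any(under(path, e) for e in STRICT_EXEMPT):
        return None
    for tree in RO_TREES.get(level, []):
        if under(path, tree):
            return f"ProtectSystem={level} makes {tree} read-only"
    return None

if __name__ == "__main__":
    print("as posted:", write_blocker(UNIT, MODULES))
    print("with ReadWritePaths=:", write_blocker(FIXED, MODULES))
```

Granting write access to the single modules directory with ReadWritePaths= keeps the rest of /usr and /etc read-only for the scanner, which is narrower than dropping ProtectSystem= altogether.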