Re: How to control the login prompt from my application service unit file?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Moji, Shashidhar wrote on 15/10/2019 05:15:
> Hi,
> 
> We have VMware vApp based solution. Our application gets installed
> during first boot.
> 
> Till now we had SLES11 OS based VM and we upgraded to SLES12. Now we
> have systemd instead of init scripts for service handling.
> 
> In SLES11, we had service dependency configured in init scripts that was
> holding back the login prompt until our application installation is
> done. But in SLES12, we get the login prompt before our application is
> installed.
> 
>  
> 
> How to hold the login prompt until our application installation is
> complete? We tried adding /Before=getty@.service/  in our application
> install unit file, but its not helping.
> 
>  
> 
> ~~~~~~~~~~~~~~~~~
> 
> [Unit]
> 
> Description=ADG runonce apg_install
> 
> DefaultDependencies=no
> 
> After=local-fs.target network-online.target
> 
> Before=getty@.service
> 
> Wants=network-online.target
> 
> Wants=network-onine.target
> 
>  
> 
> [Service]
> 
> Type=forking
> 
> ExecStartPre=/bin/touch /etc/no-login-console
> 
> ExecStart=/bin/sh -c "/opt/ADG/runonce/scripts/apg_install"
> 
> ExecStartPost=/opt/ADG/runonce/bin/runonce removeflag apg_install
> 
> ExecStartPost=/bin/rm /etc/no-login-console
> 
> KillMode=process
> 
> Restart=no
> 

Just as a slightly different approach, you may want to consider using
pam_nologin instead.

Systemd does it itself (it creates a /run/nologin files using
/usr/lib/tmpfiles.d/systemd-nologin.conf) which prevents login by anyone
other than root.

Systemd user sessions daemon removes the /run/nologin file but I presume
it would be possible to create your own /run/apgnologin file and
configure pam with file=/run/apgnologin file in addition to the default.

You could then create this file with tmpfiles (as systemd does with it's
file) and then remove it with your service.

This doesn't prevent the getty from appearing (and the root user can
still login) but if any user tries to login, the contents of the file
can explain to the user why they cannot login (rather than them just
sitting there with a delay).

Just a thought about an alternative approach that you may want to explore.

Col





-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel




[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux