On Di, 05.05.20 08:48, Aviram, Nimrod (NAviram@xxxxxxxxxxxxxx) wrote: > HI, > > I've been using the following service to control our catalane server for the past few years now. > After upgrading OS to RHEL 7.8 , the service fails to start. > I'm usually creating a basic user (cfrm) to run Catalina but I've also tried with root and received the same exception. > I know that something was changed in systemd but I can't figure out how to fix this. > Any help will be appreciated. > > [Unit] > Description=cfrmic > [Service] > User=cfrm So, you run the service as "cfrm" user already, i.e. unprivileged. > Environment=JAVA_HOME=$JAVA_HOME As others mentioned, this makes no sense, unit files will not evaluate env vars, and even if it would assigned a variable's value to the variable is kinda pointless, no? > May 05 04:45:13 US02VLAPP8519 su[2249]: pam_unix(su-l:auth): auth could not identify password for [cfrm] > May 05 04:45:13 US02VLAPP8519 su[2249]: pam_sss(su-l:auth): authentication failure; logname= uid=1001 euid=0 tty= ruser=cfrm rhost= user=cfrm > May 05 04:45:13 US02VLAPP8519 su[2249]: pam_sss(su-l:auth): received for user cfrm: 10 (User not known to the underlying authentication module) > May 05 04:45:13 US02VLAPP8519 su[2249]: FAILED SU (to cfrm) cfrm on none > May 05 04:45:14 US02VLAPP8519 manager.sh[2248]: Password: su: > Authentication failure I appears your service script uses "su" to switch to the "cfrm" user. As we noted above it is already running as as that user, which hence makes this pointless. This "su" fails, because no pw was supplied. Most likely your distro changed behaviour there, i.e. previously allowed "su" from a user to itself and now doesn't anymore. Eithre way, it's kinda pointless doing that anyway... In general: it's not a good idea to use "su" in shell scripts. "su" creates login sessions, but for system stuff that's not desirable typically. Use util-linux' setpriv(1) tool instead. But again, in this case it's entirely pointless, … Lennart -- Lennart Poettering, Berlin _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: systemd service fails to start rhel7.8
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: systemd service fails to start rhel7.8
- From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
- Date: Wed, 6 May 2020 15:06:08 +0200
- Cc: "systemd-devel@xxxxxxxxxxxxxxxxxxxxx" <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <AM0PR01MB41298192A558D14CF44626C6DAA70@AM0PR01MB4129.eurprd01.prod.exchangelabs.com>
- References: <AM0PR01MB41298192A558D14CF44626C6DAA70@AM0PR01MB4129.eurprd01.prod.exchangelabs.com>
- References:
- systemd service fails to start rhel7.8
- From: Aviram, Nimrod
- systemd service fails to start rhel7.8
- Prev by Date: Re: Udev Regex
- Next by Date: Re: EXT :Antw: [EXT] Udev Regex
- Previous by thread: Re: systemd service fails to start rhel7.8
- Next by thread: IdleAction=lock not working in ubuntu
- Index(es):
 |