thank you very much, especially for the fast reply.
The links gave very good information, unfortunately my version of systemd (< 250) does not support the command
"systemd-creds" yet. But I found another solution...
I pipe the password to the program with the "echo" command. Not a good idea? YES, not a good idea!!!
But to solve the issue of plain text passwords in a script I compile the script with shc
Shc (shell script compiler) - Wikipedia
I need to do that anyway, since bestcrypt expects keyfiles, and I need to hide the name/location of these files.
After compiling the script neither password nor keyfile information are visible any longer (in the binary).
What makes you think so? As is clearly visible in the service status,
the ExecStart command *did* run. Whether it also did what you expected
is another question.
My answer/question:
Weird thing, after I made changes as above the script runs - successfully. Before I had the situation that it was NOT run.
Now I wonder, do services that do not run successfully become blacklisted (functionless) in any way? Difficult to explain here...
Your answer:
These Wants and After are redundant, every standard service will be
ordered after local-fs.target unless it also has
DefaultDependencies=no.
My answer/question:
I want my service to be run DIRECTLY (at first place) AFTER the local filesystems (in /etc/fstab) were mounted.
Martin.
--
Martin Stenzel (马丁-斯坦泽尔)
An der Drehscheibe 9
50733 Köln
Deutschland
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZHjlmRYJKwYBBAHaRw8BAQdAEr/C08aStyKx+vztCxz4Nn8BHO2Lx0OXllsz
BP+ZEZm0Pk1hcnRpbiBTdGVuemVsIChDb2xvZ25lLCBHZXJtYW55KSA8bS5zdGVu
emVsQG1haWwueHktc3BhY2UuZGU+iJYEExYIAD4WIQQrzOhRsO0/8FaU5ykQoKMS
ax9FuAUCZHjlmQIbAwUJC0c1AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAQ
oKMSax9FuNswAPsEsMp2JdzzDkAw6VzByp2XUY921lFt9rVoaVcZmjV5awD/W57o
a6c2qbD2p+AYkgKuffa2uZkX3mayvIxsfFnsWAW4OARkeOWZEgorBgEEAZdVAQUB
AQdAFlq+E22Hk7Gj44CCN4LDr97Y41lUGzvqmpCDpSq0CEwDAQgHiH4EGBYIACYW
IQQrzOhRsO0/8FaU5ykQoKMSax9FuAUCZHjlmQIbDAUJC0c1AAAKCRAQoKMSax9F
uGHVAQDjAisQxn5ADKIRPsMfFpE847jFJGA2lRafU7C30gLzhwD8DcegQwz7/RLc
yozIfQ6yIkz2cR3+NClIepnWV/ATQQw=
=qQIl
-----END PGP PUBLIC KEY BLOCK-----
Fingerprint: 2BCC E851 B0ED 3FF0 5694 E729 10A0 A312 6B1F 45B8
This message was checked by ESET Endpoint Antivirus for Linux.
https://www.eset.com
On Monday, 07 August, 2023 11:04 CEST, Andrei Borzenkov <arvidjaar@xxxxxxxxx> wrote:
On Mon, Aug 7, 2023 at 11:49 AM Martin Stenzel
<m.stenzel@xxxxxxxxxxxxxxxx> wrote:
>
>
> Hi list,
> I searched the _whole_ www but did not find the answer.
>
>
>
> I use bestcrypt <Encrypt Files with BestCrypt Container Encryption | Jetico> to mount the home directory.
>
>
> This is my service file.
>
> --
> [Unit]
> Description=Mount Bestcrypt containers
> Wants=local-fs.target
> After=local-fs.target
>
These Wants and After are redundant, every standard service will be
ordered after local-fs.target unless it also has
DefaultDependencies=no.
> [Service]
> Type=oneshot
> RemainAfterExit=true
> ExecStart=/usr/local/sbin/bcmount
> ExecStop=/usr/local/sbin/bceject
>
> [Install]
> WantedBy=multi-user.target
> --
>
> This is the file to be run
>
> --
> #!/bin/sh
> /usr/bin/bctool mount /mnt/sdr2/2.jbc -t ext4 /mnt/el1-2_
>
> exit 0
> --
>
> If I run "bcmount" by hand (without systemd) it asks for a password, and this is very correct.
>
> If I want to start with "systemctl start bcmount" nothing happens, no error, no execution of the program "bcmount", but as you can see:
>
>
> # systemctl status bestcrypt-fs
> ● bestcrypt-fs.service - Mount Bestcrypt containers
> Loaded: loaded (/etc/systemd/system/bestcrypt-fs.service; enabled; vendor preset: disabled)
> Active: active (exited) (thawing) since Mon 2023-08-07 11:17:18 EEST; 20min ago
> Process: 2645396 ExecStart=/usr/local/sbin/bcmount (code=exited, status=0/SUCCESS)
> Main PID: 2645396 (code=exited, status=0/SUCCESS)
>
>
> How come that the via "ExecStart=" given bash script does not get run?
What makes you think so? As is clearly visible in the service status,
the ExecStart command *did* run. Whether it also did what you expected
is another question.
> This script does not contain any errors.
> The service file does not have any syntax errors either. Permissions to read/execute are verified!
>
> Do you have a clue?
If your program needs a password entered interactively, it cannot
request such a password using the "normal" way of reading from the
terminal. It would need to implement support for requesting the
password via password agents: https://systemd.io/PASSWORD_AGENTS/
Why your program returns success status when it could not obtain the
necessary password is the question to your program.
Internet most certainly has a lot of information about it. Like
https://unix.stackexchange.com/questions/391040/is-there-a-typical-way-to-pass-a-password-to-a-systemd-unit-file
> I even changed "oneshot" into "simple", striked "RemainAfterExit", etc.
>
> Is there any way I can see the whole process verbosely?
>
>
> Martin.
>
>
> --
> Martin Stenzel (马丁-斯坦泽尔)
> An der Drehscheibe 9
> 50733 Köln
> Deutschland
>
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
>
> mDMEZHjlmRYJKwYBBAHaRw8BAQdAEr/C08aStyKx+vztCxz4Nn8BHO2Lx0OXllsz
> BP+ZEZm0Pk1hcnRpbiBTdGVuemVsIChDb2xvZ25lLCBHZXJtYW55KSA8bS5zdGVu
> emVsQG1haWwueHktc3BhY2UuZGU+iJYEExYIAD4WIQQrzOhRsO0/8FaU5ykQoKMS
> ax9FuAUCZHjlmQIbAwUJC0c1AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAQ
> oKMSax9FuNswAPsEsMp2JdzzDkAw6VzByp2XUY921lFt9rVoaVcZmjV5awD/W57o
> a6c2qbD2p+AYkgKuffa2uZkX3mayvIxsfFnsWAW4OARkeOWZEgorBgEEAZdVAQUB
> AQdAFlq+E22Hk7Gj44CCN4LDr97Y41lUGzvqmpCDpSq0CEwDAQgHiH4EGBYIACYW
> IQQrzOhRsO0/8FaU5ykQoKMSax9FuAUCZHjlmQIbDAUJC0c1AAAKCRAQoKMSax9F
> uGHVAQDjAisQxn5ADKIRPsMfFpE847jFJGA2lRafU7C30gLzhwD8DcegQwz7/RLc
> yozIfQ6yIkz2cR3+NClIepnWV/ATQQw=
> =qQIl
> -----END PGP PUBLIC KEY BLOCK-----
>
> Fingerprint: 2BCC E851 B0ED 3FF0 5694 E729 10A0 A312 6B1F 45B8
>
>
> This message was checked by ESET Endpoint Antivirus for Linux.
>
> https://www.eset.com
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
