RHEL8 /usr/bin/su: Permission denied

There is a custom system service that runs at startup.

Running systemctl start produces the error

/etc/init.d/Startservice: line 2: /usr/bin/su: Permission denied

The Startservice script is being executed; running Startservice manually as root works fine:

#!/bin/bash 
su -c  '/infa/pwc/tomcat/bin/service.sh startup' - infaap

This is ServiceName.service in /usr/lib/systemd/system/

[Unit]
Description=Auto Run infaservice and register to service
After=network.target

[Service]
Type=simple
RemainAfterExit=yes
#User=user
#Group=group
#WorkingDirectory=/path/to/folder
ExecStart=/etc/init.d/Startservice
#TimeoutSec=0s
#Restart=always
#RestartSec=5s

[Install]
WantedBy=default.target

Due to security concerns, SELinux is not a solution.

What should I do next?

Update:

[Unit]
Description=Auto Run infaservice and register to service
After=network.target

[Service]
Type=forking
RemainAfterExit=yes
User=infaap
Group=infaap
#WorkingDirectory=/path/to/folder
ExecStart=/infa/pwc/tomcat/bin/infaservice.sh startup
ExecStop=/infa/pwc/tomcat/bin/infaservice.sh shutdown
#TimeoutSec=0s
#Restart=always
#RestartSec=5s

[Install]
WantedBy=default.target

After executing the script directly, I received this message:

OpenInfa.service: Failed to execute command: Permission denied
OpenInfa.service: Failed at step EXEC spawning /infa/pwc/tomcat/bin/infaservice.sh: Permission denied

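Answer 1

Why are you running su? That makes no sense. Instead, simply specify that you want the service to be started by the user infaap; you even commented out the User= line that would have done this for you: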

[Unit]
Description=Auto Run infaservice and register to service
After=network.target

[Service]
# `simple` is almost certainly not the type you want when starting
# something as complex as tomcat. I *bet* you meant `forking`!
Type=forking

User=infaap
# make sure this is the group name you want to use
Group=infaap

ExecStart=/infa/pwc/tomcat/bin/service.sh startup
# I guess stopping works something like this?
ExecStop=/infa/pwc/tomcat/bin/service.sh shutdown

# But honestly, tomcat's start and stop usually look different.
# so I think your `service.sh` is just yet another layer
# of indirection only needed for sysv-init, but not for 
# systemd. Instead, you'd want to use something like this:
# ExecStart=/infa/pwc/tomcat/bin/startup.sh
# ExecStop=/infa/pwc/tomcat/bin/shutdown.sh

[Install]
# is this really the target you want this to belong to?
# Usually, you want `WantedBy=multi-user.target`
WantedBy=default.target
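
The question mentions SELinux, and the page does not establish whether the "Permission denied" at step EXEC comes from SELinux or from ordinary file permissions. The following is an added example, not part of the answer above: it filters audit records for denied execute-class AVCs on a given file name so the two cases can be told apart. The audit records in SAMPLE_AUDIT are constructed, and the function names avc_exec_denials and exec_denial_cause are hypothetical.

```shell
#!/bin/sh
# Triage "Permission denied" at systemd's EXEC step: is there an SELinux AVC
# denial for the file being executed, or is it a file-permission problem?

# Constructed sample audit records (not taken from the page or a real host).
SAMPLE_AUDIT='type=AVC msg=audit(1700000000.101:411): avc:  denied  { execute } for  pid=2211 comm="Startservice" name="su" dev="dm-0" ino=3011 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.202:412): avc:  denied  { read } for  pid=2300 comm="rsyslogd" name="messages" dev="dm-0" ino=77 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.303:413): avc:  denied  { execute } for  pid=2400 comm="(rvice.sh)" name="infaservice.sh" dev="dm-0" ino=9001 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.303:413): arch=c000003e syscall=59 success=no exit=-13 comm="(rvice.sh)" exe="/usr/lib/systemd/systemd"'

# avc_exec_denials NAME
# Reads audit records on stdin and prints one line per denied execute-class
# AVC whose target file name equals NAME: "<source_type> <target_type> <perm>"
avc_exec_denials() {
    awk -v want="$1" '
    function field(key,   i, v) {   # value of key=... in the current record
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2); gsub(/"/, "", v)
                return v
            }
        return ""
    }
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }  # user:role:type:level
    $1 == "type=AVC" && / denied / {
        if (field("name") != want || field("tclass") != "file") next
        perms = $0; sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        n = split(perms, pl, " ")
        for (k = 1; k <= n; k++)
            if (pl[k] ~ /^(execute|execute_no_trans|entrypoint)$/)
                print setype(field("scontext")), setype(field("tcontext")), pl[k]
    }'
}

# exec_denial_cause NAME
# "selinux" if an AVC explains the failure; otherwise "dac-or-mount", meaning
# check mode bits, ownership, directory search bits and noexec mounts instead.
exec_denial_cause() {
    if [ -n "$(avc_exec_denials "$1")" ]; then echo selinux; else echo dac-or-mount; fi
}

# On a live host the input would come from: ausearch -m AVC -ts recent
printf '%s\n' "$SAMPLE_AUDIT" | avc_exec_denials infaservice.sh
```

A result of dac-or-mount for the script name points at the file itself: whether the service user can traverse every directory in the path and whether the script has its execute bit set.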
