有一个自定义的系统服务在启动时运行,
运行中systemctl start
出现错误
/etc/init.d/Startservice: line 2: /usr/bin/su: Permission denied
执行Startservice脚本,Startservice
用root手动运行就可以了
#!/bin/bash
su -c '/infa/pwc/tomcat/bin/service.sh startup' - infaap
这是 ServiceName.service/usr/lib/systemd/system/
[Unit]
enter code here`Description=Auto Run infaservice and register to service
After=network.target
[Service]
Type=simple
RemainAfterExit=yes
#User=user
#Group=group
#WorkingDirectory=/path/to/folder
ExecStart=/etc/init.d/Startservice
#TimeoutSec=0s
#Restart=always
#RestartSec=5s
[Install]
WantedBy=default.target
由于安全问题,Selinux 不是解决方案。
我下一步该怎么做
更新:
[Unit]
Description=Auto Run infaservice and register to service
After=network.target
[Service]
Type=forking
RemainAfterExit=yes
User=infaap
Group=infaap
#WorkingDirectory=/path/to/folder
ExecStart=/infa/pwc/tomcat/bin/infaservice.sh startup
ExecStop=/infa/pwc/tomcat/bin/infaservice.sh shutdown
#TimeoutSec=0s
#Restart=always
#RestartSec=5s
[Install]
WantedBy=default.target
直接执行脚本后,收到此消息
OpenInfa.service: Failed to execute command: Permission denied
OpenInfa.service: Failed at step EXEC spawning /infa/pwc/tomcat/bin/infaservice.sh: Permission denied
答案1
你为什么要运行su
?这毫无意义——相反,只需指定你希望由用户启动该服务即可infaap
;你甚至注释掉了本来User=
可以为你完成这一操作的那一行:
[Unit]
Description=Auto Run infaservice and register to service
After=network.target
[Service]
# `simple` is almost certainly not the type you want when starting
# something as complex as tomcat. I *bet* you meant `forking`!
Type=forking
User=infaap
# make sure this is the group name you want to use
Group=infaap
ExecStart=/infa/pwc/tomcat/bin/service.sh startup
# I guess stopping works something like this?
ExecStop=/infa/pwc/tomcat/bin/service.sh shutdown
# But honestly, tomcat's start and stop usually look different.
# so I think your `service.sh` is just yet another layer
# of indirection only needed for sysv-init, but not for
# systemd. Instead, you'd want to use something like this:
# ExecStart=/infa/pwc/tomcat/bin/startup.sh
# ExecStop=/infa/pwc/tomcat/bin/shutdown.sh
[Install]
# is this really the target you want this to belong to?
# Usually, you want `WantedBy=multi-user.target`
WantedBy=default.target