假设我有 nginx 在 systemd 下运行,如下所示:
# /lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"
[Install]
WantedBy=multi-user.target
另一项服务如下所示:
[Unit]
Description=...
After=network.target
[Service]
Type=simple
User=unitname
Group=unitname
DynamicUser=true
StateDirectory=unitname
PrivateTmp=true
ExecStart=somecommand
我如何向用户授予对/var/lib/unitname(链接/var/lib/private/unitname)的访问权限nginx(这nginx会删除权限并切换到)?