On Ubuntu 20.04 LTS, I created a service/systemd unit for bitcoind, but when I start it, I get this error:
Can't open PID file /run/bitcoind/bitcoind.pid (yet?) after start: Operation not permitted
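This sounds like a permissions problem (?), but my understanding is that the PID file and/or the folder containing it are ephemeral, as in they only appear while the service is running, so how do you assign persistent permissions to something that comes and goes? It also doesn't seem like changing permissions should be necessary for this. What do I do to get the unit to run properly?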
● bitcoind.service - Bitcoin daemon
Loaded: loaded (/etc/systemd/system/bitcoind.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2021-06-20 09:46:57 CDT; 14s ago
Process: 104861 ExecStart=/usr/local/bin/bitcoind -daemon -pid=/run/bitcoind/bitcoind.pid -conf=/home/first/.bitcoin/bitcoin.conf -datadir=/blockchain/.bitcoin/data (code=exited, status=0/SUCCESS)
Main PID: 104866 (code=exited, status=1/FAILURE)
Jun 20 09:46:57 server systemd[1]: Starting Bitcoin daemon...
Jun 20 09:46:57 server systemd[1]: bitcoind.service: Can't open PID file /run/bitcoind/bitcoind.pid (yet?) after start: Operation not permitted
Jun 20 09:46:57 server systemd[1]: Started Bitcoin daemon.
Jun 20 09:46:57 server systemd[1]: bitcoind.service: Main process exited, code=exited, status=1/FAILURE
Jun 20 09:46:57 server systemd[1]: bitcoind.service: Failed with result 'exit-code'.
I am using this bitcoind.service file, adapted from Stadicus's Raspibolt setup guide:
# RaspiBolt: systemd unit for bitcoind
# /etc/systemd/system/bitcoind.service
[Unit]
Description=Bitcoin daemon
After=network.target
[Service]
# Service execution
###################
ExecStart=/usr/local/bin/bitcoind -daemon \
-pid=/run/bitcoind/bitcoind.pid \
-conf=/home/first/.bitcoin/bitcoin.conf \
-datadir=/blockchain/.bitcoin/data
# Process management
####################
Type=forking
PIDFile=/run/bitcoind/bitcoind.pid
#ExecStartPost=/bin/sh -c 'chown first:first /run/bitcoind/bitcoind.pid'
#Restart=on-failure
#TimeoutSec=300
#RestartSec=30
# Directory creation and permissions
####################################
# Run as bitcoin:bitcoin
User=first
Group=first
# /run/bitcoind
RuntimeDirectory=bitcoind
RuntimeDirectoryMode=0710
# Hardening measures
####################
# Provide a private /tmp and /var/tmp.
PrivateTmp=true
# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full
# Deny access to /home, /root and /run/user
ProtectHome=true
# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true
# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true
# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
You can see that I tried adding this to the bitcoind.service file:
ExecStartPost=/bin/sh -c 'chown first:first /run/bitcoind/bitcoind.pid'
But it doesn't work, and it appears to execute before the bitcoind.pid file exists.
Answer 1
Two findings:
- The 'Hardening measures' section of my bitcoin.service file contains:
# Deny access to /home, /root and /run/user
ProtectHome=true
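/home/.bitcoin is where my bitcoin.conf file is located, so that was the problem. Moving bitcoin.conf elsewhere, or disabling ProtectHome, lets the service start successfully in this particular case.
- The following error message is unrelated to the service failure: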
Can't open PID file /run/bitcoind/bitcoind.pid (yet?) after start: Operation not permitted
This message appears occasionally even when the service starts normally, so apparently it is not a problem at all in this case.
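The ProtectHome finding in Answer 1, as an added example that is not part of the original answers: a Python check that lists the paths on a unit's Exec* lines that ProtectHome= hides from the service. The function names and the trimmed sample unit are assumptions made for illustration.

```python
import shlex

# Directories hidden by ProtectHome=, per the comment in the unit above.
PROTECTED = ("/home", "/root", "/run/user")
# Values that make those directories inaccessible (read-only still allows reads).
HIDING = {"1", "yes", "y", "true", "t", "on", "tmpfs"}

def service_settings(unit_text):
    """Return [(key, value)] from [Service], joining backslash continuations."""
    items, section, pending = [], None, ""
    for raw in unit_text.splitlines():
        stripped = raw.strip()
        if stripped.startswith(("#", ";")):
            continue  # comment lines are skipped, even inside a continuation
        line, pending = pending + stripped, ""
        if line.endswith("\\"):
            pending = line[:-1] + " "
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            items.append((key.strip(), value.strip()))
    return items

def home_conflicts(unit_text):
    """List (directive, path) pairs that ProtectHome= would make unreachable."""
    items = service_settings(unit_text)
    mode = dict(items).get("ProtectHome", "no").lower()  # last assignment wins
    if mode not in HIDING:
        return []
    hits = []
    for key, value in items:
        if not key.startswith("Exec"):
            continue
        for token in shlex.split(value):
            # "-conf=/path" -> "/path"; also drop systemd prefixes such as "-" or "@"
            path = token.split("=", 1)[-1].lstrip("-@+!:")
            if any(path == d or path.startswith(d + "/") for d in PROTECTED):
                hits.append((key, path))
    return hits

# Constructed sample: a trimmed copy of the unit from the question.
UNIT = r"""[Service]
ExecStart=/usr/local/bin/bitcoind -daemon \
    -conf=/home/first/.bitcoin/bitcoin.conf \
    -datadir=/blockchain/.bitcoin/data
ProtectHome=true
"""
print(home_conflicts(UNIT))  # [('ExecStart', '/home/first/.bitcoin/bitcoin.conf')]
```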
Answer 2
Can't open PID file /run/bitcoind/bitcoind.pid
Either /run, /run/bitcoid or /run/bitcoind/bitcoind.pid does not exist, or if it does exist, it does not belong to the user from the group that needs it.
User=first
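assumes the user is "first", and when the PID file is owned by a user (/group) other than "first", you will also get a "permission denied".
# Run as bitcoin:bitcoin
User=first
Group=first
Note that it states here that it should be:
# Run as bitcoin:bitcoin
User=bitcoin
Group=bitcoin
and not "first".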