Sockets and RuntimeDir with correct owner and mode #8635

Closed
arthur-s opened this issue Apr 1, 2018 · 3 comments

arthur-s commented Apr 1, 2018

I have an issue with sockets and RuntimeDir.

veronica.socket:

```
[Socket]
ListenStream=/run/uwsgi/veronica.sock
SocketUser=arthur
SocketGroup=admins
SocketMode=0660

[Install]
WantedBy=sockets.target
```

veronica.service:

```
[Service]
PermissionsStartOnly=True
User=arthur
Group=admins
RuntimeDirectory=uwsgi
RuntimeDirectoryMode=0755
RuntimeDirectoryPreserve=always
ExecStart=some-command
Restart=always
KillSignal=SIGQUIT
Type=notify
StandardError=syslog
NotifyAccess=all

[Install]
WantedBy=multi-user.target
```

Now, after reloading with systemctl daemon-reload, I start the socket:

```
# systemctl start veronica.socket
# ls -al /run/uwsgi
drwxr-xr-x.  2 root    root   60 апр  1 07:20 .
drwxr-xr-x. 26 root    root  740 апр  1 07:20 ..
srw-rw----.  1 arthur admins   0 апр  1 07:20 veronica.sock
```

Note that RuntimeDir was created with owner root:root. Then I start the service:

```
# systemctl start veronica.service
```

(it fails).

```
# ls -al /run/uwsgi
drwxr-xr-x.  2 arthur admins  60 апр  1 07:22 .
drwxr-xr-x. 26 root    root  740 апр  1 07:22 ..
-rw-r--r--.  1 arthur admins   6 апр  1 07:22 veronica.pid
```

You can see that when I started the service, RuntimeDir was deleted and created with owner arthur:admins.
I expect that when I create the socket, RuntimeDir must be created with the owner and mode taken from veronica.service, and then when I start the service, the runtime dir must contain the veronica.socket and veronica.pid files.

arthur-s commented Apr 1, 2018

Sorry guys, the problem was solved by using another dir for the socket:

```
[Socket]
ListenStream=/run/uwsgi-sockets/veronica.sock
```

and for the service:

```
[Service]
RuntimeDirectory=uwsgi
```

Now it works. The issue can be closed, I think.

fsateler commented Apr 3, 2018

Yeah, the RuntimeDirectory lifetime is tied to the service, so you shouldn't use it for things that could predate or outlive the service.

I'll close the issue now.

fsateler closed this as completed Apr 3, 2018

flokli added a commit to flokli/systemd that referenced this issue Apr 26, 2024
`SocketUser=` might have inconsistent results if they're inside a path
specified by `RuntimeDirectory=` (or any other directory option where
directories are chown'ed on startup).

Especially in the case of creating a socket-activated service that's
reachable for another user (the most common usecase for this option),
it feels prudent to document this caveat, considering how frequently
these unix domain sockets happen to be created in /run.

I just ran into this, and it seems
systemd#8635 is at least another
documented case.

flokli commented Apr 26, 2024

I just ran into this as well, opened #32503 so hopefully fewer people will run into it in the future.
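
A lint for the caveat discussed in this thread, flagging socket units whose listen path sits inside a directory that a service declares with `RuntimeDirectory=`. This is an added example, not code from systemd or from the participants; the unit texts are constructed from the ones quoted in the issue, and it assumes system units, where `RuntimeDirectory=` is relative to `/run`.

```python
from pathlib import PurePosixPath
# Constructed sample units, modelled on the ones quoted in this issue.
UNITS = {
    "veronica.socket": "[Socket]\nListenStream=/run/uwsgi/veronica.sock\nSocketUser=arthur\n",
    "veronica.service": "[Service]\nUser=arthur\nRuntimeDirectory=uwsgi\n",
    "fixed.socket": "[Socket]\nListenStream=/run/uwsgi-sockets/veronica.sock\n",
}
# Listen*= settings that can name a filesystem path.
LISTEN_KEYS = ("ListenStream", "ListenDatagram", "ListenSequentialPacket", "ListenFIFO")

def parse_unit(text):
    """Return {(section, key): [values]}; repeated keys accumulate, as systemd allows."""
    out, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, value = (part.strip() for part in line.split("=", 1))
            out.setdefault((section, key), []).append(value)
    return out

def runtime_dirs(units, root="/run"):
    """Map each runtime directory to its service (assumption: system units under /run)."""
    dirs = {}
    for name, text in units.items():
        for entry in parse_unit(text).get(("Service", "RuntimeDirectory"), []):
            for rel in entry.split():  # the setting takes a space-separated list
                dirs[PurePosixPath(root) / rel] = name
    return dirs

def sockets_inside_runtime_dirs(units, root="/run"):
    """Return (socket unit, listen path, owning service) for each conflicting socket."""
    dirs = runtime_dirs(units, root)
    findings = []
    for name, text in units.items():
        for key in LISTEN_KEYS:
            for value in parse_unit(text).get(("Socket", key), []):
                if not value.startswith("/"):
                    continue  # port, network address or abstract socket
                hits = [d for d in dirs if d in PurePosixPath(value).parents]
                findings += [(name, value, dirs[d]) for d in hits]
    return findings

if __name__ == "__main__":
    for unit, path, service in sockets_inside_runtime_dirs(UNITS):
        print(f"{unit}: {path} is inside RuntimeDirectory= of {service}")
```

The comparison is on whole path components, so `/run/uwsgi-sockets/veronica.sock` is not reported against `RuntimeDirectory=uwsgi`.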