Hi,

>> This is the particular part of your setup that makes you use DynamicUser=no.
>> You can also use ReadWritePaths=${HOMEDIR}/${radicale folder}
>>
> That change isn't working for me. I added ReadWritePaths, changed 
> DynamicUser=yes, and removed User and Group. After rebooting (because I can't 
> seem to commit the changes when systemctl restart doesn't) radicale broke 
> again. journald output (with duplicate lines removed):

If you remove the radicale user, this is expected: ${HOMEDIR}/${radicale} is then
owned by uid x and the uwsgi radicale service gets a random uid
(DynamicUser=yes) and gets permission denied errors on radicale data.

> I found in my troubleshooting is that someone (probably uwsgi) was messing 
> around with the folder and file permissions. It took some effort to revert to 
> my previous uwsgi-app@radicale configuration. A few more reboots and it seems 
> to be co-operating again.

This is in the DynamicUser doc[1][2]:

    If a statically allocated user or group of the configured name already
    exists, it is used and no dynamic user/group is allocated.

    Dynamic users/groups are allocated from the UID/GID range 61184…65519.

    systemd will recursively change the ownership of the [state] directory and
    everything contained

So your setup needs either:
- a persistent user and ReadWritePaths, or
- DynamicUser=yes and StateDirectory=${HOMEDIR}/${radicale}

Changing conf does not need reboots, only daemon-reload and restart of service
or socket.

Thanks,

Alex

[1] https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html?#DynamicUser=
[2] https://0pointer.net/blog/dynamic-users-with-systemd.html
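
An added example, not part of the original message: a shell helper that lists every entry under a directory whose numeric owner or group falls in the dynamic range 61184…65519 quoted above, which shows what the recursive ownership change touched before you chown it back. It assumes GNU find (for -printf); the function names and the directory you pass are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit a data directory for files that
# ended up owned by a systemd dynamic user/group.
# Range taken from the DynamicUser documentation quoted in the message.
DYN_LO=61184
DYN_HI=65519

# in_range_owned DIR [LO HI]
# Prints "uid gid path" for each entry under DIR whose numeric uid OR gid
# lies in LO..HI (defaults: the dynamic range). Returns 2 if DIR is missing.
# Assumption: GNU find; paths containing newlines are not handled.
in_range_owned() {
    dir=$1
    lo=${2:-$DYN_LO}
    hi=${3:-$DYN_HI}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -printf '%U %G %p\n' |
        awk -v lo="$lo" -v hi="$hi" \
            '($1 >= lo && $1 <= hi) || ($2 >= lo && $2 <= hi)'
}

# count_in_range_owned DIR [LO HI]
# Number of entries reported by in_range_owned; 0 means nothing under DIR
# is owned by an id in the range.
count_in_range_owned() {
    in_range_owned "$@" | wc -l | tr -d ' '
}

# Usage (path is a placeholder for your radicale data directory):
#   in_range_owned /path/to/radicale-data
```

A non-empty result on a directory meant to belong to a static user means the service ran at least once with a dynamically allocated identity against that path.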
