On Dienstag 2018-10-02 17:27, Lennart Poettering wrote:
On Di, 02.10.18 16:44, Thomas Blume (thomas.bl...@suse.com) wrote:
On Dienstag 2018-10-02 16:17, Lennart Poettering wrote:
Not sure I follow. System users should have a UID below 1000 (or
whatever your OS defines as boundary between system and regular
users).
Sure, but even UID 0 would be still amongst the user.slice and get the
user restrictions, right?
well, yes.
I mean not sure what you are asking for. *every* userspace process in
systemd needs to be managed under a unit. The cgroup tree is
universal, you cannot have processes outside of it, thus you have to
pick a unit.
Hence, yes, if you start some code as part of a user session it's part
of the user session units. If you start some code as a system service
then it is part of the service unit. What else would you expect? It
needs to be part of something.
AFAICS only the root slice is universal and contains the user and system
slice.
For the purpose of SAP, it would be good to have a separate custom slice
where the special resource demands of SAP can be addressed.
Also, when starting SAP in the user slice the SAP processes get killed
at shutdown as soon as the user sessions get stopped.
But thats too early for a system-like process like SAP.
When starting SAP in the system slice this issue doesn't happen, but
there seems to be no possibility to do management tasks for SAP with the
same environment and resource limits like when it was started.
Moreover system services should really be started as system
servers, and not from login sessions...
SAP is not a normal non-interactive daemon.
There are some management tasks that need to be executed via the
dedicated SAP user that Andrej described.
And it should be possible to manage SAP via this SAP user with
dedicated SAP resource limits and not with the normal user resource
limits.
But that isn't possible if the SAP user gets ordered below the user
slice like normal users.
Yes, normally they should be started that way, but what if you need to
do some maintenance tasks, for example starting a database in a special
mode?
I don't understand what you are asking.
What would you like to happen? if you start a process from such a
pseudo session, what unit would you want it to be assigned to?
A dedicated SAP unit under a dedicated SAP slice would be the best.
This unit should contain the User= parameter and take care of the
start of SAP at system boot.
Is it possible that, when loggin in as the same user as specified in the
User= parameter, the user gets assigned to the dedicated SAP unit?
I understand that this request is an unusal demand for systemd, but if
the system is supposed to be a proper platform for SAP that needs to be
addressed somehow.
If thats not possible, is there a way to take a user completely out of
systemd management?
Thanks and regards
Thomas
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
