Re: [systemd-devel] systemd service fails to start rhel7.8

2020-05-06 Thread Lennart Poettering
On Di, 05.05.20 08:48, Aviram, Nimrod (navi...@bottomline.com) wrote:

> Hi,
>
> I've been using the following service to control our Catalina server for the 
> past few years now.
> After upgrading OS to RHEL 7.8, the service fails to start.
> I'm usually creating a basic user (cfrm) to run Catalina but I've also tried 
> with root and received the same exception.
> I know that something was changed in systemd but I can't figure out how to 
> fix this.
> Any help will be appreciated.
>
> [Unit]
> Description=cfrmic
> [Service]
> User=cfrm

So, you run the service as "cfrm" user already, i.e. unprivileged.

> Environment=JAVA_HOME=$JAVA_HOME

As others mentioned, this makes no sense, unit files will not evaluate
env vars, and even if they did, assigning a variable's value to the
variable itself is kinda pointless, no?

> May 05 04:45:13 US02VLAPP8519 su[2249]: pam_unix(su-l:auth): auth could not 
> identify password for [cfrm]
> May 05 04:45:13 US02VLAPP8519 su[2249]: pam_sss(su-l:auth): authentication 
> failure; logname= uid=1001 euid=0 tty= ruser=cfrm rhost= user=cfrm
> May 05 04:45:13 US02VLAPP8519 su[2249]: pam_sss(su-l:auth): received for user 
> cfrm: 10 (User not known to the underlying authentication module)
> May 05 04:45:13 US02VLAPP8519 su[2249]: FAILED SU (to cfrm) cfrm on none
> May 05 04:45:14 US02VLAPP8519 manager.sh[2248]: Password: su:
> Authentication failure

It appears your service script uses "su" to switch to the "cfrm" user.
As we noted above it is already running as that user, which hence makes
this pointless. This "su" fails, because no pw was supplied. Most likely
your distro changed behaviour there, i.e. previously allowed "su" from
a user to itself and now doesn't anymore. Either way, it's kinda
pointless doing that anyway...

In general: it's not a good idea to use "su" in shell scripts. "su"
creates login sessions, but for system stuff that's not desirable
typically. Use util-linux' setpriv(1) tool instead. But again, in this
case it's entirely pointless, …

Lennart

--
Lennart Poettering, Berlin
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
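
The advice in the reply above (skip the identity switch when systemd's `User=` has already made it, and use setpriv(1) rather than su when a root-run script really must change user), sketched as an added example that is not part of the thread and is not the poster's manager.sh. The function names `launch_prefix` and `run_as` and the path in the usage comment are hypothetical; numeric IDs are passed to setpriv so that the sketch does not depend on login-name support in `--reuid`.

```shell
#!/bin/sh
# Added example (not the poster's manager.sh). launch_prefix and run_as
# are hypothetical helper names.

# Decide how to reach the target identity from the current one.
# Args: target_uid target_gid current_uid. Prints the command prefix
# (empty when no switch is needed); returns 1 if switching is impossible.
launch_prefix() {
    t_uid=$1 t_gid=$2 cur_uid=$3
    if [ "$cur_uid" -eq "$t_uid" ]; then
        # systemd's User= already dropped privileges: run the command as is.
        return 0
    elif [ "$cur_uid" -eq 0 ]; then
        # Root caller: change IDs and supplementary groups without PAM,
        # so no login session is created and no password is requested.
        printf 'setpriv --reuid=%s --regid=%s --init-groups' "$t_uid" "$t_gid"
        return 0
    fi
    # Any other unprivileged caller: su would prompt for a password that a
    # service has no terminal to answer. Fail loudly instead.
    return 1
}

# Resolve the account, then exec the command under the right identity.
run_as() {
    user=$1; shift
    t_uid=$(id -u "$user") || { echo "unknown user: $user" >&2; return 2; }
    t_gid=$(id -g "$user") || return 2
    prefix=$(launch_prefix "$t_uid" "$t_gid" "$(id -u)") || {
        echo "cannot switch to $user from uid $(id -u)" >&2; return 1; }
    # $prefix is intentionally unquoted: it is either empty or the fixed
    # setpriv argument list built above from numeric IDs.
    exec $prefix "$@"
}

# Usage inside a service script (placeholder path):
#   run_as cfrm /path/to/catalina.sh start
```

With `User=cfrm` in the unit, the first branch is taken and the command runs directly, with no PAM authentication step involved.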


Re: [systemd-devel] systemd service fails to start rhel7.8

2020-05-05 Thread Tomasz Torcz
On Tue, May 05, 2020 at 08:48:17AM +, Aviram, Nimrod wrote:
> After upgrading OS to RHEL 7.8, the service fails to start.
> I'm usually creating a basic user (cfrm) to run Catalina but I've also tried 
> with root and received the same exception.
> 
> [Unit]
> Description=cfrmic
> [Service]
> User=cfrm
> Environment=JAVA_HOME=$JAVA_HOME

  This line is weird.

> PIDFile=/opt/ic/Appserver/logs/tomcat.pid
> WorkingDirectory=/opt/ic
> Type=forking
> ExecStart=/opt/ic/manager.sh start
> ExecStop=/opt/ic/manager.sh stop
> TimeoutStartSec=60
> TimeoutStopSec=180
> 
> [Install]
> WantedBy=multi-user.target
> 
> 
> 
> Journalctl -xe -->
> 
> May 05 04:45:13 US02VLAPP8519 systemd[1]: Starting cfrmic...
> -- Subject: Unit cfrmic.service has begun start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit cfrmic.service has begun starting up.
> May 05 04:45:13 US02VLAPP8519 su[2249]: pam_unix(su-l:auth): auth could not 
> identify password for [cfrm]
> May 05 04:45:13 US02VLAPP8519 su[2249]: pam_sss(su-l:auth): authentication 
> failure; logname= uid=1001 euid=0 tty= ruser=cfrm rhost= user=cfrm
> May 05 04:45:13 US02VLAPP8519 su[2249]: pam_sss(su-l:auth): received for user 
> cfrm: 10 (User not known to the underlying authentication module)


  Clearly user cfrm does not exist from PAM's point of view. That's the
problem.
  I also doubt you have the same problem when running as root. Maybe you
didn't do 'systemctl daemon-reload' after changing the unit file?


-- 
Tomasz Torcz                Once you've read the dictionary,
to...@pipebreaker.pl        every other book is just a remix.


[systemd-devel] systemd service fails to start rhel7.8

2020-05-05 Thread Aviram, Nimrod
Hi,

I've been using the following service to control our Catalina server for the 
past few years now.
After upgrading OS to RHEL 7.8, the service fails to start.
I'm usually creating a basic user (cfrm) to run Catalina but I've also tried 
with root and received the same exception.
I know that something was changed in systemd but I can't figure out how to fix 
this.
Any help will be appreciated.

[Unit]
Description=cfrmic
[Service]
User=cfrm
Environment=JAVA_HOME=$JAVA_HOME
PIDFile=/opt/ic/Appserver/logs/tomcat.pid
WorkingDirectory=/opt/ic
Type=forking
ExecStart=/opt/ic/manager.sh start
ExecStop=/opt/ic/manager.sh stop
TimeoutStartSec=60
TimeoutStopSec=180

[Install]
WantedBy=multi-user.target



Journalctl -xe -->

May 05 04:45:13 US02VLAPP8519 systemd[1]: Starting cfrmic...
-- Subject: Unit cfrmic.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit cfrmic.service has begun starting up.
May 05 04:45:13 US02VLAPP8519 su[2249]: pam_unix(su-l:auth): auth could not 
identify password for [cfrm]
May 05 04:45:13 US02VLAPP8519 su[2249]: pam_sss(su-l:auth): authentication 
failure; logname= uid=1001 euid=0 tty= ruser=cfrm rhost= user=cfrm
May 05 04:45:13 US02VLAPP8519 su[2249]: pam_sss(su-l:auth): received for user 
cfrm: 10 (User not known to the underlying authentication module)
May 05 04:45:13 US02VLAPP8519 su[2249]: FAILED SU (to cfrm) cfrm on none
May 05 04:45:14 US02VLAPP8519 manager.sh[2248]: Password: su: Authentication 
failure
May 05 04:45:14 US02VLAPP8519 systemd[1]: cfrmic.service: control process 
exited, code=exited status=1
May 05 04:45:14 US02VLAPP8519 systemd[1]: Failed to start cfrmic.
-- Subject: Unit cfrmic.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit cfrmic.service has failed.
--
-- The result is failed.
May 05 04:45:14 US02VLAPP8519 systemd[1]: Unit cfrmic.service entered failed 
state.
May 05 04:45:14 US02VLAPP8519 systemd[1]: cfrmic.service failed.
May 05 04:45:14 US02VLAPP8519 polkitd[841]: Unregistered Authentication Agent 
for unix-process:2242:54597 (system bus name :1.35, object path 
/org/freedesktop/PolicyKit1/AuthenticationAgent, lo
lines 2301-2360/2360 (END)

Thanks,

Nimo