Ok, rebuilt with the correct --with-systemd-dir=/lib/systemd/system and
now I had more problems. Launched out of init.d it ran as root, launced out
of systemd, the unit file it created has User=daemon so it runs as daemon.
Problem with that is only root has access to /var/run and to the encryption key
file so I changed it back to root despite that being less secure.
Lastly it still failed because it tried to start before /misc was mounted
which is where the key file was so I modified the unit file line:
After=network.target
to:
After=network.target misc.mount
/misc is the file system where I have the encryption certs and keys.
Now it starts properly after a reboot. Downside, as with when it ran
out of /etc/init.d, it is running as root which from a security perspective
is undesirable.
What guacd should have is an item that goes into guacd.conf for user and
group so it can start as root, write the pid file and read the necessary
cert and key files, and then switch to said user and group just like Apache
httpd and tomcat do.
Then it could be both secure and functional.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
Knowledgeable human assistance, not telephone trees or script readers.
See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
On Sun, 10 Mar 2019, Nick Couchman wrote:
Date: Sun, 10 Mar 2019 21:09:14 -0400
From: Nick Couchman <[email protected]>
Reply-To: [email protected]
To: [email protected]
Subject: Re: guacd not starting on boot
On Sun, Mar 10, 2019 at 8:07 PM Robert Dinse <[email protected]> wrote:
I have guacd installed, built with the --with-systemd flag and it
does
not install a systemd file but an initd file which systemd recognizes and
says it installs however, while systemctl start guacd works fine and
systemctl enable guacd indicates it did the right thing, it does not start
upon boot, I have to manually start it. Because some of the things it uses
are on NFS partitions, I suspect it's trying to start before NFS is up and
failing.
A couple of notes:
- The "--with-systemd" flag is not valid. The flag is
"--with-systemd-dir=<directory>", where directory is the location where
you'd like the systemd files installed. Can you please verify if that's
the flag you're using, and if you're specifying a directory, like
/etc/systemd/system or /usr/lib/systemd/system?
- Have you tried removing the initd file, reloading systemd (systemctl
daemon-reload) and seeing if the systemd unit then references the unit file
(assuming it's actually being installed)?
- If you have guacd running in a situation where NFS is required for guacd
to start you're going to have to make some modifications to either the
initd script or the systemd script. It sounds like, in this case, that the
issue is not with either the guacd initd or systemd files, but with a
customized environment you have. That's fine - we certainly don't expect
every environment to follow the ones we're used to; however, you may have
to do a little tweaking to the scripts to make them wait for NFS to be up
before starting guacd, if guacd is on a NFS share. I would suspect even if
you get the systemd script to install that you'll still have the same
issue, because the standard systemd unit file we provide does not require
NFS to be up. Fortunately, those changes should be relatively trivial to
either the initd script or the systemd unit file.
-Nick
