[systemd-devel] proper way for shutdown script

Wed Oct 5 12:37:33 UTC 2016

Lennart Poettering schreef op 05-10-2016 13:16:

> Why does nss-ldap require something like this? Sounds strange to me...

Thanks man. I was just gonna charge you $40 for missed time... ;-).

There are services during startup that are going to hang if you 
configure nsswitch.conf to also use ldap for e.g. passwd or group.

What this means is that in ldap.conf they have enabled something that 
will refuse ldap lookup for those kinds of users.

The script I mentioned adds this to the ldap.conf:

nss_initgroups_ignoreusers 
_apt,avahi,avahi-autoipd,backup,bin,colord,daemon,dnsmasq,games,gnats,hplip,irc,kernoops,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,sddm,sshd,sync,sys,syslog,systemd-bus-proxy,systemd-network,systemd-resolve,systemd-timesync,unscd,usbmux,uucp,uuidd,whoopsie,www-data

It does this just based on a numeric ID, so all user IDs and group IDs 
(presumably) below probably 1000 are getting added there.

This is done on shutdown so it works right after installing the package.

If you don't do it, the system won't boot and will hang on 
logind.service even not starting.

Raise Network Interfaces will also fail.

But currently this is broken because the thing doesn't run by default 
and you manually have to run /usr/sbin/nssldap-update-ignoreusers but if 
you install more programs (services) in the meantime, this of course 
will have to be repeated. So it just does it on every reboot.

> What you probably want to do is write a single unit file with an
> ExecStart= and an ExecStop= line invoking the right bits to call
> during boot and those for shutdown. You want to set Type=oneshot and
> RemainAfterExit=yes.

I spent at least an hour trying to run something that would only run on 
shutdown and at some point it seemed to work but then I could not 
reproduce it. I had....

[Unit]
Description=Run script at shutdown and reboot
Before=umount.target exit.target
DefaultDependencies=no

[Service]
Type=oneshot

ExecStart=/usr/bin/touch /usr/local/testfile.txt

[Install]
WantedBy=runlevel0.target runlevel6.target

But no good....

>     [Unit]
>     Description=Wuffwuffwuff
> 
>     [Service]
>     Type=oneshot
>     RemainAfterExit=yes
>     ExecStart=/usr/bin/my-startup-script
>     ExecStop=/usr/bin/my-shutdown-script
> 
>     [Install]
>     WantedBy=multi-user.target

I found a solution on Arch forums that would do:

[Unit]
Description=rawr

[Service]
Type=oneshot
ExecStart=/bin/true
ExecStop=/usr/bin/touch /usr/local/somefile.txt
RemainAfterExit=yes

[Install]
WantedBy=sysinit.target

And this works. But now the service must be started first before it will 
be called on shutdown... :-/.

Which pollutes the boot-up log and there is really no reason for it?

You can still pay the money though, if you want ;-).

:p.

I started doing this about 2 hours ago and haven't done anything 
since... anything else, I mean.

:-/.