[systemd-devel] How to control the login prompt from my application service unit file?

Colin Guthrie gmane at colin.guthr.ie
Tue Oct 15 15:47:18 UTC 2019 

Moji, Shashidhar wrote on 15/10/2019 05:15:
> Hi,
> 
> We have VMware vApp based solution. Our application gets installed
> during first boot.
> 
> Till now we had SLES11 OS based VM and we upgraded to SLES12. Now we
> have systemd instead of init scripts for service handling.
> 
> In SLES11, we had service dependency configured in init scripts that was
> holding back the login prompt until our application installation is
> done. But in SLES12, we get the login prompt before our application is
> installed.
> 
>  
> 
> How to hold the login prompt until our application installation is
> complete? We tried adding /Before=getty at .service/  in our application
> install unit file, but its not helping.
> 
>  
> 
> ~~~~~~~~~~~~~~~~~
> 
> [Unit]
> 
> Description=ADG runonce apg_install
> 
> DefaultDependencies=no
> 
> After=local-fs.target network-online.target
> 
> Before=getty at .service
> 
> Wants=network-online.target
> 
> Wants=network-onine.target
> 
>  
> 
> [Service]
> 
> Type=forking
> 
> ExecStartPre=/bin/touch /etc/no-login-console
> 
> ExecStart=/bin/sh -c "/opt/ADG/runonce/scripts/apg_install"
> 
> ExecStartPost=/opt/ADG/runonce/bin/runonce removeflag apg_install
> 
> ExecStartPost=/bin/rm /etc/no-login-console
> 
> KillMode=process
> 
> Restart=no
> 

Just as a slightly different approach, you may want to consider using
pam_nologin instead.

Systemd does it itself (it creates a /run/nologin files using
/usr/lib/tmpfiles.d/systemd-nologin.conf) which prevents login by anyone
other than root.

Systemd user sessions daemon removes the /run/nologin file but I presume
it would be possible to create your own /run/apgnologin file and
configure pam with file=/run/apgnologin file in addition to the default.

You could then create this file with tmpfiles (as systemd does with it's
file) and then remove it with your service.

This doesn't prevent the getty from appearing (and the root user can
still login) but if any user tries to login, the contents of the file
can explain to the user why they cannot login (rather than them just
sitting there with a delay).

Just a thought about an alternative approach that you may want to explore.

Col





-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/

More information about the systemd-devel mailing list