[systemd-devel] User/Group overrides in a templated service triggered via timer
Konstantin Ryabitsev
konstantin at linuxfoundation.org
Mon Aug 31 18:19:17 UTC 2020
Hi, all:
I have the following templated service definition:
--- grok-fsck at .service ---
[Unit]
Description=Grok-fsck service for %I
Documentation=https://github.com/mricon/grokmirror
[Service]
Type=oneshot
Environment="EXTRA_FSCK_OPTS="
EnvironmentFile=-/etc/sysconfig/grokmirror.default
EnvironmentFile=-/etc/sysconfig/grokmirror.%i
ExecStart=/usr/bin/grok-fsck -c /etc/grokmirror/%i.conf ${EXTRA_FSCK_OPTS}
IOSchedulingClass=idle
CPUSchedulingPolicy=idle
User=mirror
Group=mirror
--- end ---
It has a corresponding timer:
--- grok-fsck at .timer ---
[Unit]
Description=Grok-fsck timer for %I
Documentation=https://github.com/mricon/grokmirror
[Timer]
OnCalendar=Sat 04:00
[Install]
WantedBy=timers.target
--- end ---
I need to be able to modify User/Group for the process, to allow running
grok-fsck as a different user. For a regular service, I would create a
/etc/systemd/system/grok-fsck@[foo].d/10-runas.conf:
--- 10-runas.conf ---
[Service]
User=someotheruser
Group=someothergroup
--- end ---
However, it doesn't appear to be working for a service triggered via a
timer -- the process still runs as mirror/mirror.
What's the best way to make this work properly?
TIA,
-K
More information about the systemd-devel
mailing list