[systemd-devel] User/Group overrides in a templated service triggered via timer

[Kevin P. Fleming]

Did you also create an instance of the timer with the same instance
suffix? I've got a configuration working like that and it works fine.
If you don't want to do that, you can explicitly configure the name of
the service to be triggered (in the timer unit) instead of relying on
the timer/service names matching.

On Mon, Aug 31, 2020 at 2:19 PM Konstantin Ryabitsev
<konstantin at linuxfoundation.org> wrote:
>
> Hi, all:
>
> I have the following templated service definition:
>
> --- grok-fsck at .service ---
> [Unit]
> Description=Grok-fsck service for %I
> Documentation=https://github.com/mricon/grokmirror
>
> [Service]
> Type=oneshot
> Environment="EXTRA_FSCK_OPTS="
> EnvironmentFile=-/etc/sysconfig/grokmirror.default
> EnvironmentFile=-/etc/sysconfig/grokmirror.%i
> ExecStart=/usr/bin/grok-fsck -c /etc/grokmirror/%i.conf ${EXTRA_FSCK_OPTS}
> IOSchedulingClass=idle
> CPUSchedulingPolicy=idle
> User=mirror
> Group=mirror
> --- end ---
>
> It has a corresponding timer:
>
> --- grok-fsck at .timer ---
> [Unit]
> Description=Grok-fsck timer for %I
> Documentation=https://github.com/mricon/grokmirror
>
> [Timer]
> OnCalendar=Sat 04:00
>
> [Install]
> WantedBy=timers.target
> --- end ---
>
> I need to be able to modify User/Group for the process, to allow running
> grok-fsck as a different user. For a regular service, I would create a
> /etc/systemd/system/grok-fsck@[foo].d/10-runas.conf:
>
> --- 10-runas.conf ---
> [Service]
> User=someotheruser
> Group=someothergroup
> --- end ---
>
> However, it doesn't appear to be working for a service triggered via a
> timer -- the process still runs as mirror/mirror.
>
> What's the best way to make this work properly?
>
> TIA,
> -K
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel