<html>Dear Andrei, thank you very much, especially for the fast reply. The links gave very good information, unfortunately my version of systemd (< 250) does not support the command <pre><code>"systemd-creds" yet. But I found another solution... I pipe the password to the program with the "echo" command. Not a good idea? YES, not a good idea!!! But to solve the issue of plain text passwords in a script I compile the script with shc </code><a href="https://en.wikipedia.org/wiki/Shc_(shell_script_compiler)">Shc (shell script compiler) - Wikipedia </a> I need to do that anyway, since bestcrypt expects keyfiles, and I need to hide the name/location of these files. After compiling the script neither password nor keyfile information are visible any longer (in the binary). </pre>Your answer: What makes you think so? As is clearly visible in the service status, the ExecStart command *did* run. Whether it also did what you expected is another question. My answer/question: Weird thing, after I made changes as above the script runs - successfully. Before I had the situation that it was NOT run. Now I wonder, do services that do not run successfully become blacklisted (functionless) in any way? Difficult to explain here... Your answer: These Wants and After are redundant, every standard service will be ordered after local-fs.target unless it also has DefaultDependencies=no. My answer/question: I want my service to be run DIRECTLY (at first place) AFTER the local filesystems (in /etc/fstab) were mounted. Martin. -- Martin Stenzel (马丁-斯坦泽尔) An der Drehscheibe 9 50733 Köln Deutschland -----BEGIN PGP PUBLIC KEY BLOCK----- mDMEZHjlmRYJKwYBBAHaRw8BAQdAEr/C08aStyKx+vztCxz4Nn8BHO2Lx0OXllsz BP+ZEZm0Pk1hcnRpbiBTdGVuemVsIChDb2xvZ25lLCBHZXJtYW55KSA8bS5zdGVu emVsQG1haWwueHktc3BhY2UuZGU+iJYEExYIAD4WIQQrzOhRsO0/8FaU5ykQoKMS ax9FuAUCZHjlmQIbAwUJC0c1AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAQ oKMSax9FuNswAPsEsMp2JdzzDkAw6VzByp2XUY921lFt9rVoaVcZmjV5awD/W57o a6c2qbD2p+AYkgKuffa2uZkX3mayvIxsfFnsWAW4OARkeOWZEgorBgEEAZdVAQUB AQdAFlq+E22Hk7Gj44CCN4LDr97Y41lUGzvqmpCDpSq0CEwDAQgHiH4EGBYIACYW IQQrzOhRsO0/8FaU5ykQoKMSax9FuAUCZHjlmQIbDAUJC0c1AAAKCRAQoKMSax9F uGHVAQDjAisQxn5ADKIRPsMfFpE847jFJGA2lRafU7C30gLzhwD8DcegQwz7/RLc yozIfQ6yIkz2cR3+NClIepnWV/ATQQw= =qQIl -----END PGP PUBLIC KEY BLOCK----- Fingerprint: 2BCC E851 B0ED 3FF0 5694 E729 10A0 A312 6B1F 45B8 This message was checked by ESET Endpoint Antivirus for Linux. <a href="https://www.eset.com">https://www.eset.com</a> On Monday, 07 August, 2023 11:04 CEST, Andrei Borzenkov <arvidjaar@gmail.com> wrote: <blockquote type="cite" cite="CAA91j0X_ddP281QcKR6TZv6_aACzW+kq8cZ__qoqrTR0TBrGzA@mail.gmail.com">On Mon, Aug 7, 2023 at 11:49 AM Martin Stenzel <m.stenzel@mail.xy-space.de> wrote: > > > Hi list, > I searched the _whole_ www but did not find the answer. > > > > I use bestcrypt <Encrypt Files with BestCrypt Container Encryption | Jetico> to mount the home directory. > > > This is my service file. > > -- > [Unit] > Description=Mount Bestcrypt containers > Wants=local-fs.target > After=local-fs.target > These Wants and After are redundant, every standard service will be ordered after local-fs.target unless it also has DefaultDependencies=no. > [Service] > Type=oneshot > RemainAfterExit=true > ExecStart=/usr/local/sbin/bcmount > ExecStop=/usr/local/sbin/bceject > > [Install] > WantedBy=multi-user.target > -- > > This is the file to be run > > -- > #!/bin/sh > /usr/bin/bctool mount /mnt/sdr2/2.jbc -t ext4 /mnt/el1-2_ > > exit 0 > -- > > If I run "bcmount" by hand (without systemd) it asks for a password, and this is very correct. > > If I want to start with "systemctl start bcmount" nothing happens, no error, no execution of the program "bcmount", but as you can see: > > > # systemctl status bestcrypt-fs > ● bestcrypt-fs.service - Mount Bestcrypt containers > Loaded: loaded (/etc/systemd/system/bestcrypt-fs.service; enabled; vendor preset: disabled) > Active: active (exited) (thawing) since Mon 2023-08-07 11:17:18 EEST; 20min ago > Process: 2645396 ExecStart=/usr/local/sbin/bcmount (code=exited, status=0/SUCCESS) > Main PID: 2645396 (code=exited, status=0/SUCCESS) > > > How come that the via "ExecStart=" given bash script does not get run? What makes you think so? As is clearly visible in the service status, the ExecStart command *did* run. Whether it also did what you expected is another question. > This script does not contain any errors. > The service file does not have any syntax errors either. Permissions to read/execute are verified! > > Do you have a clue? If your program needs a password entered interactively, it cannot request such a password using the "normal" way of reading from the terminal. It would need to implement support for requesting the password via password agents: https://systemd.io/PASSWORD_AGENTS/ Why your program returns success status when it could not obtain the necessary password is the question to your program. Internet most certainly has a lot of information about it. Like https://unix.stackexchange.com/questions/391040/is-there-a-typical-way-to-pass-a-password-to-a-systemd-unit-file > I even changed "oneshot" into "simple", striked "RemainAfterExit", etc. > > Is there any way I can see the whole process verbosely? > > > Martin. > > > -- > Martin Stenzel (马丁-斯坦泽尔) > An der Drehscheibe 9 > 50733 Köln > Deutschland > > > -----BEGIN PGP PUBLIC KEY BLOCK----- > > mDMEZHjlmRYJKwYBBAHaRw8BAQdAEr/C08aStyKx+vztCxz4Nn8BHO2Lx0OXllsz > BP+ZEZm0Pk1hcnRpbiBTdGVuemVsIChDb2xvZ25lLCBHZXJtYW55KSA8bS5zdGVu > emVsQG1haWwueHktc3BhY2UuZGU+iJYEExYIAD4WIQQrzOhRsO0/8FaU5ykQoKMS > ax9FuAUCZHjlmQIbAwUJC0c1AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAQ > oKMSax9FuNswAPsEsMp2JdzzDkAw6VzByp2XUY921lFt9rVoaVcZmjV5awD/W57o > a6c2qbD2p+AYkgKuffa2uZkX3mayvIxsfFnsWAW4OARkeOWZEgorBgEEAZdVAQUB > AQdAFlq+E22Hk7Gj44CCN4LDr97Y41lUGzvqmpCDpSq0CEwDAQgHiH4EGBYIACYW > IQQrzOhRsO0/8FaU5ykQoKMSax9FuAUCZHjlmQIbDAUJC0c1AAAKCRAQoKMSax9F > uGHVAQDjAisQxn5ADKIRPsMfFpE847jFJGA2lRafU7C30gLzhwD8DcegQwz7/RLc > yozIfQ6yIkz2cR3+NClIepnWV/ATQQw= > =qQIl > -----END PGP PUBLIC KEY BLOCK----- > > Fingerprint: 2BCC E851 B0ED 3FF0 5694 E729 10A0 A312 6B1F 45B8 > > > This message was checked by ESET Endpoint Antivirus for Linux. > > https://www.eset.com</blockquote></html>