<div dir="ltr"><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Feb 6, 2025 at 10:29 AM Dluhosch, Michael <<a href="mailto:michael.dluhosch@airbus.com">michael.dluhosch@airbus.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg7737572381197584327"> <div dir="ltr" style="font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255);font-family:Calibri,Arial,Helvetica,sans-serif"> <p>Hello,</p> <p><br> </p> <p>I want a service which executes 'startFoo.sh' exactly like a user 'Foo' would experience it. This is my current approach:<br> </p> <blockquote> <p><span style="font-family:"Courier New",monospace">[Service]</span><br style="font-family:"Courier New",monospace"> <span style="font-family:"Courier New",monospace">ExecStart=/usr/bin/startFoo.sh</span></p> <p><span style="font-family:"Courier New",monospace">User=Foo</span></p> <p><span style="font-family:"Courier New",monospace">PAMName=login</span></p> </blockquote> <p><br> </p> <p>And it seems to work just fine. But I can't figure out how to stop this service and all of its childs in a clean way. According to the systemd.exec documentation this service will start a 'session scope' CGroup but it does not mention how to stop this when the service stops. So far I found this workaround:</p> <p>I add a </p> <blockquote> <p><span style="font-family:"Courier New",monospace">ExecStop=/usr/bin/stopFoo.sh </span></p> </blockquote> <p>to the main service which does that:</p> <blockquote><span style="font-family:"Courier New",monospace"><span style="color:rgb(0,0,0);background-color:rgb(255,255,255);font-family:"Courier New",monospace"><span style="font-family:"Courier New",monospace">#!/bin/bash </span></span></span><br style="font-family:"Courier New",monospace"> <span style="font-family:"Courier New",monospace"><span style="font-family:"Courier New",monospace">systemctl stop $(systemctl status $(pidof <anyProcessNameInsideTheChildCGroup>) | grep user.*slice | grep -o session.*scope)</span></span><br> <span style="font-family:monospace"></span></blockquote> <p><br> </p> <p>Is there a clean solution to accomplish something like this? </p></div></div></blockquote><div><br></div><div>No; part of "exactly like a user" literally means that it gets moved by PAM outside of the regular service tracking, so it will be ugly no matter what.</div><div><br></div><div>But reading from /proc/$PID/cgroup is a much more script-friendly method than "systemctl status", even if it doesn't directly give you a unit name... but currently you're grepping the cgroup path anyway, so you could do $(basename "$(</proc/self/cgroup)") to get the needed result.</div><div><br></div><div>So If you really have to make it run that way, then have the startFoo.sh script record its own cgroup (from /proc/self/cgroup) in a file – much like you'd use a pidfile – and then have stopFoo.sh stop the corresponding unit.</div><div><br></div><div>But more generally, I'd really prefer narrowing down that "exactly like a user". Where does that requirement come from? Does the app need to pop up on the user's desktop, or something like that? (Is it a standard desktop or some kind of embedded system with autologon-to-GUI?) In many cases, running it as a *user* service (systemctl --user start...) would be a better approach since it lets the contents of the service stay within their original "service" cgroup and be tracked accordingly.</div><div><br></div></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr">Mantas Mikulėnas</div></div></div>