Systemd unit file: Can/Should ExecStart and ExecStop run a script?

Richard Shaw hobbes1069 at gmail.com
Wed Oct 19 23:28:37 UTC 2011


On Wed, Oct 19, 2011 at 5:09 PM, Lennart Poettering
<mzerqung at 0pointer.de> wrote:
> On Wed, 19.10.11 16:20, Richard Shaw (hobbes1069 at gmail.com) wrote:
>> Ok based on Tom's file I came up with the following. I know Lennart,
>> you don't like setting ACLs from Systemd, but unless someone wants
>> to help me write udev rules that will run before the start of
>> mythbackend and after it's stopped, this is all I have:
>>
>> [Unit]
>> Description=MythTV backend service
>> After=network.target mysqld.service
>>
>> [Service]
>> Type=forking
>> PIDFile=/var/run/mythbackend.pid
>> Environment=MYTHCONFDIR=/etc/mythtv
>> Environment=HOME=/etc/mythtv
>> Environment=MYTHBACKEND_USER=root
>> EnvironmentFile=-/etc/sysconfig/mythbackend
>> ExecStartPre=setfacl -m u:${MYTHBACKEND_USER}:x -R /dev/snd /dev/dvb
>> /dev/video* /dev/vbi*
>> ExecStart=/usr/bin/mythbackend --daemon --user $MYTHBACKEND_USER
>> --logfile /var/log/mythtv/mythbackend.log --pidfile
>> /var/run/mythbackend.pid $OPTIONS
>> ExecStopPost=setfacl -x u:${MYTHBACKEND_USER} -R /dev/snd /dev/dvb
>> /dev/video* /dev/vbi*
>
> So, ignoring that access management should not be done with systemd, and
> that as others already suggested it's much better to just add the
> MYTHBACKEND_USER to the audio and video groups, and not make it
> configurable (in fact MYTHCONFDIR shouldn't be configurable either. You
> are just creating confusion with adding an option for that, not helping
> anybody), these lines won't work, since systemd is not a shell and will
> not expand the shell expressions /dev/video* and suchlike, and requires
> absolute paths for the binary names.

Well, as I had already mentioned I more or less relented, so I'm all
for the a/v group method. My main concern is how to apply this. If
someone has already been running mythbackend as root then all the
recordings will be owned by root, in which case mythbackend will be
unable to expire (delete) them.

In order to fix this retroactively, I would have to do an SQL query
using the login credentials for mythbackend and pull the recording
groups, then go to each recording group directory and chown all the
recordings. That's a mess.

Richard
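
The two problems named in the quoted reply (systemd does not expand shell globs such as /dev/video*, and binaries need absolute paths) can be checked mechanically before a unit file is installed. The following is an added example, not part of the original message or of systemd: the function names and the sample unit text (the quoted Exec lines with the e-mail wrapping joined) are constructed here, and arguments are split on whitespace without handling quoting.

```python
import re

# Constructed sample: the Exec lines from the quoted unit file, with the
# e-mail line wrapping joined back into single lines.
SAMPLE_UNIT = """\
[Service]
Type=forking
ExecStartPre=setfacl -m u:${MYTHBACKEND_USER}:x -R /dev/snd /dev/dvb /dev/video* /dev/vbi*
ExecStart=/usr/bin/mythbackend --daemon --user $MYTHBACKEND_USER --pidfile /var/run/mythbackend.pid $OPTIONS
ExecStopPost=setfacl -x u:${MYTHBACKEND_USER} -R /dev/snd /dev/dvb /dev/video* /dev/vbi*
"""

EXEC_KEY = re.compile(r"^(Exec[A-Za-z]+)=(.*)$")
GLOB_CHARS = re.compile(r"[*?\[]")


def join_continuations(text):
    """Merge lines ending in a backslash, as unit files allow."""
    return re.sub(r"\\\n\s*", " ", text)


def lint_unit(text):
    """Return (key, problem, token) tuples for every Exec* line."""
    findings = []
    for line in join_continuations(text).splitlines():
        match = EXEC_KEY.match(line.strip())
        if not match:
            continue
        key, command = match.groups()
        tokens = command.split()
        if not tokens:
            continue  # an empty assignment resets the list, nothing to check
        # Drop the special prefix characters systemd permits before the path.
        binary = tokens[0].lstrip("-@+!:")
        if not binary.startswith("/"):
            findings.append((key, "binary path is not absolute", binary))
        for arg in tokens[1:]:
            if GLOB_CHARS.search(arg):
                findings.append((key, "glob is passed literally, not expanded", arg))
    return findings


if __name__ == "__main__":
    for key, problem, token in lint_unit(SAMPLE_UNIT):
        print(f"{key}: {problem}: {token}")
```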

