Systemd unit file: Can/Should ExecStart and ExecStop run a script?

Lennart Poettering mzerqung at 0pointer.de
Wed Oct 19 22:09:49 UTC 2011


On Wed, 19.10.11 16:20, Richard Shaw (hobbes1069 at gmail.com) wrote:

> 
> On Wed, Oct 19, 2011 at 3:58 PM, Tom Hughes <tom at compton.nu> wrote:
> > On 19/10/11 21:48, Richard Shaw wrote:
> >>
> >> On Wed, Oct 19, 2011 at 3:26 PM, Lennart Poettering
> >> <mzerqung at 0pointer.de>  wrote:
> >>>
> >>> You should manage acess control of device nodes from udev rules. That's
> >>> the only reasonably safe way to handle these things. And this should not
> >>> be mentioned at all in systemd unit files.
> 
> Ok based on Tom's file I came up with the following. I know Lennart,
> you don't like setting ACL's from Systemd, but unless someone want's
> to help me write udev rules that will run before the start of
> mythbackend and after it's stopped, this is all I have:
> 
> [Unit]
> Description=MythTV backend service
> After=network.target mysqld.service
> 
> [Service]
> Type=forking
> PIDFile=/var/run/mythbackend.pid
> Environment=MYTHCONFDIR=/etc/mythtv
> Environment=HOME=/etc/mythtv
> Environment=MYTHBACKEND_USER=root
> EnvironmentFile=-/etc/sysconfig/mythbackend
> ExecStartPre=setfacl -m u:${MYTHBACKEND_USER}:x -R /dev/snd /dev/dvb
> /dev/video* /dev/vbi*
> ExecStart=/usr/bin/mythbackend --daemon --user $MYTHBACKEND_USER
> --logfile /var/log/mythtv/mythbackend.log --pidfile
> /var/run/mythbackend.pid $OPTIONS
> ExecStopPost=setfacl -x u:${MYTHBACKEND_USER} -R /dev/snd /dev/dvb
> /dev/video* /dev/vbi*

So, ignoring that access management should not be done with systemd, and
that as others already suggested it's much better to just add the
MYTHBACKEND_USER to the audio and video groups, and not make it
configurable (in fact MYTHCONFDIR shouldn't be configurable either. You
are just creating confusion with adding an option for that, not helping
anybody), these lines won't work, since systemd is not a shell and will
not expand the shell expressions /dev/video* and suchlike, and requires
absolute paths for the binary names.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.


More information about the devel mailing list