Systemd unit file: Can/Should ExecStart and ExecStop run a script?

Lennart Poettering mzerqung at 0pointer.de
Wed Oct 19 23:34:22 UTC 2011


On Wed, 19.10.11 18:28, Richard Shaw (hobbes1069 at gmail.com) wrote:

> 
> On Wed, Oct 19, 2011 at 5:09 PM, Lennart Poettering
> <mzerqung at 0pointer.de> wrote:
> > On Wed, 19.10.11 16:20, Richard Shaw (hobbes1069 at gmail.com) wrote:
> >> Ok based on Tom's file I came up with the following. I know Lennart,
> >> you don't like setting ACLs from Systemd, but unless someone wants
> >> to help me write udev rules that will run before the start of
> >> mythbackend and after it's stopped, this is all I have:
> >>
> >> [Unit]
> >> Description=MythTV backend service
> >> After=network.target mysqld.service
> >>
> >> [Service]
> >> Type=forking
> >> PIDFile=/var/run/mythbackend.pid
> >> Environment=MYTHCONFDIR=/etc/mythtv
> >> Environment=HOME=/etc/mythtv
> >> Environment=MYTHBACKEND_USER=root
> >> EnvironmentFile=-/etc/sysconfig/mythbackend
> >> ExecStartPre=setfacl -m u:${MYTHBACKEND_USER}:x -R /dev/snd /dev/dvb
> >> /dev/video* /dev/vbi*
> >> ExecStart=/usr/bin/mythbackend --daemon --user $MYTHBACKEND_USER
> >> --logfile /var/log/mythtv/mythbackend.log --pidfile
> >> /var/run/mythbackend.pid $OPTIONS
> >> ExecStopPost=setfacl -x u:${MYTHBACKEND_USER} -R /dev/snd /dev/dvb
> >> /dev/video* /dev/vbi*
> >
> > So, ignoring that access management should not be done with systemd, and
> > that as others already suggested it's much better to just add the
> > MYTHBACKEND_USER to the audio and video groups, and not make it
> > configurable (in fact MYTHCONFDIR shouldn't be configurable either. You
> > are just creating confusion with adding an option for that, not helping
> > anybody), these lines won't work, since systemd is not a shell and will
> > not expand the shell expressions /dev/video* and suchlike, and requires
> > absolute paths for the binary names.
> 
> Well, as I had already mentioned I more or less relented, so I'm all
> for the a/v group method. My main concern is how to apply this. If
> someone has already been running mythbackend as root then all the
> recordings will be owned by root, in which case mythbackend will be
> unable to expire (delete) them.
> 
> In order to fix this retroactively, I would have to do an SQL query
> using the login credentials for mythbackend and pull the recording
> groups, then go to each recording group directory and chown all the
> recordings. That's a mess.

Where are these recordings stored? Don't they have a common root
directory? Wouldn't a chown in that directory suffice? (it might be a
bit unfriendly to chown them away btw, adding an ACL for your user might
be a nicer solution)

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
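
An added example, not part of the original message or of systemd: a small
Python check that applies the two rules stated in the reply (Exec* binaries
must be absolute paths, shell globs are not expanded) to a unit file. The
function names and the sample unit text are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the unit quoted in the thread, with the
# e-mail line wrapping undone so each Exec* setting sits on one line.
SAMPLE_UNIT = """\
[Service]
Type=forking
ExecStartPre=setfacl -m u:${MYTHBACKEND_USER}:x -R /dev/snd /dev/dvb /dev/video* /dev/vbi*
ExecStart=/usr/bin/mythbackend --daemon --user $MYTHBACKEND_USER $OPTIONS
"""

EXEC_KEY = re.compile(r"^(Exec[A-Za-z]+)=(.*)$")
GLOB_CHARS = re.compile(r"[*?\[]")


def join_continuations(text):
    """Merge lines ending in a backslash into one logical line."""
    out, buf = [], ""
    for line in text.splitlines():
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            out.append(buf + line)
            buf = ""
    if buf:
        out.append(buf)
    return out


def lint_unit(text):
    """Return (key, problem, token) tuples for suspicious Exec* lines."""
    findings = []
    for line in join_continuations(text):
        m = EXEC_KEY.match(line.strip())
        if not m or not m.group(2).split():
            continue  # not an Exec* line, or an empty assignment
        key, argv = m.group(1), m.group(2).split()  # naive whitespace split
        # Drop the '-' (ignore failure) and '@' (argv[0] override) prefixes.
        binary = argv[0].lstrip("-@")
        if not binary.startswith("/"):
            findings.append((key, "binary is not an absolute path", binary))
        for arg in argv[1:]:
            if GLOB_CHARS.search(arg):
                findings.append((key, "glob is not expanded by systemd", arg))
    return findings


if __name__ == "__main__":
    print(*lint_unit(SAMPLE_UNIT), sep="\n")
```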

