Dmitry

Reputation: 7553

Can a non-sudo user add systemd units?

I have a pair of applications with a lot of crons and daemon workers (rabbitmq consumers).

I want to give some users permission to deploy apps, but not administrative permissions. The problem is: the daemon workers are managed by systemd units, and changing systemd units requires root access.

How can we solve this? I know that I can use supervisord instead of systemd, but it's a last resort and I really don't want to switch to it.

Upvotes: 0

Views: 783

Answers (1)

aleivag

Reputation: 2406

You can't allow a user to start a service as root (or as any other user), but users can start units with the user bus: just place them in ~/.config/systemd/user/ (create the dir if it does not exist), then you can run:

  systemctl --user daemon-reload
  systemctl --user start <your service>.service
  systemctl --user status <your service>.service

Users can also start "transient units" as themselves, using the same user bus, and then manage them (start, stop, kill, restart, etc.) as regular units.

Transient units are exactly like regular units but can't survive server restarts...

You start them with systemd-run --user and then manage them with systemctl --user.

Example:

$ systemd-run --user /bin/sleep 300
Running as unit: run-r6545f2e54ffc4f30b15f5dcabb280e5a.service

$ systemctl --user status run-r6545f2e54ffc4f30b15f5dcabb280e5a.service
● run-r6545f2e54ffc4f30b15f5dcabb280e5a.service - /bin/sleep 300
    Loaded: loaded (/run/user/1000/systemd/transient/run-r6545f2e54ffc4f30b15f5
    Transient: yes
    Active: active (running) since Thu 2018-03-15 20:31:52 PDT; 15s ago
    Main PID: 21095 (sleep)
    CGroup: /user.slice/user-1000.slice/user@1000.service/run-r6545f2e54ffc4f30
           └─21095 /bin/sleep 300

$ systemctl --user stop run-r6545f2e54ffc4f30b15f5dcabb280e5a.service

$ systemctl --user status run-r6545f2e54ffc4f30b15f5dcabb280e5a.service
Unit run-r6545f2e54ffc4f30b15f5dcabb280e5a.service could not be found.

Note: on older systemd, make sure D-Bus is running on your system and accessible to the user; in general, make sure you have the DBUS_SESSION_BUS_ADDRESS and XDG_RUNTIME_DIR environment variables set.

Upvotes: 1
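
The persistent-unit steps from the answer above, written as a deploy helper that needs no root. This is an added example, not part of the original answer; the function names, the script name and the "consumer" unit are hypothetical, and it assumes the unit name and command line may come from a deploy pipeline, so both are validated before they reach the unit file.

```shell
#!/bin/sh
# Added example, not from the original answer. install_user_unit,
# user_bus_ready and the "consumer" unit name are hypothetical.
UNIT_DIR="${UNIT_DIR:-$HOME/.config/systemd/user}"
NL='
'

# True only when both variables the answer mentions are set.
user_bus_ready() {
    [ -n "${XDG_RUNTIME_DIR:-}" ] && [ -n "${DBUS_SESSION_BUS_ADDRESS:-}" ]
}

# install_user_unit NAME "CMDLINE": write $UNIT_DIR/NAME.service.
# Returns 2 when the input is rejected, 1 when the write fails.
install_user_unit() {
    name=$1 cmdline=$2
    case $name in            # no dots or slashes: the file stays in UNIT_DIR
        ''|*[!A-Za-z0-9_-]*) echo "bad unit name" >&2; return 2 ;;
    esac
    case $cmdline in
        *"$NL"*) echo "newline in command" >&2; return 2 ;;  # would add directives
        /*) ;;
        *) echo "command must start with an absolute path" >&2; return 2 ;;
    esac
    [ -x "${cmdline%% *}" ] || { echo "not executable" >&2; return 2; }
    (
        umask 077                     # unit file writable by the owner only
        mkdir -p "$UNIT_DIR" && cat > "$UNIT_DIR/$name.service" <<EOF
[Unit]
Description=$name worker (user unit)

[Service]
ExecStart=$cmdline
Restart=on-failure
NoNewPrivileges=yes

[Install]
WantedBy=default.target
EOF
    ) || return 1
}

# Usage: sh deploy-unit.sh deploy NAME "CMDLINE"
if [ "${1:-}" = deploy ]; then
    user_bus_ready || { echo "no user bus in this session" >&2; exit 1; }
    install_user_unit "$2" "$3" || exit $?
    systemctl --user daemon-reload
    systemctl --user enable --now "$2.service"
fi
```

User units run only while the user's systemd instance is up, so workers that must start at boot without a login need lingering enabled for the account (loginctl enable-linger).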
