Discussion:
Systemd not able to spawn Exec permission denied
(too old to reply)
Krunal Patel
2018-10-07 08:12:22 UTC
Permalink
Hi,

My systemdctl script not able to start service as non root user sdc. It gives error with not able to spawn /path/to/streamsets : Permission Denied. /path/to/streamsets has root ownership and group streamsets has execute permission as root user. Can you suggest if my systemd is currupted? Other server systemd able to start service as sdc user from root systemd. There systemd is running as switched-root , but in server where i get error has no switched-root option in systemd process. Is it related? Please suggest. SDC user has nologin shell.

Thanks,

Krunal.
Reindl Harald
2018-10-07 13:37:08 UTC
Permalink
Am 07.10.18 um 10:12 schrieb Krunal Patel:
> My systemdctl script not able to start service as non root user
> sdc. It gives error with not able to spawn /path/to/streamsets :
> Permission Denied.   /path/to/streamsets has root ownership and group
> streamsets has execute permission as root user. Can you suggest if my
> systemd is currupted? Other server systemd able to start service as sdc
> user from root systemd. There systemd is running as switched-root , but
> in server where i get error has no switched-root option in systemd
> process. Is it related? Please suggest. SDC user has nologin shell

please post complete systemd units to help others helping you
Krunal Patel
2018-10-08 05:17:07 UTC
Permalink
Hi,



We have total 6 servers . 1 server is started with switched-root system option. Where sdc.service through systemd running fine. But other 5 servers, systemd is running with –switched-root option where we are not able to start. I am not sure if systemd is corrupted or some other issue.



System unit are as below:



sdc.service



# Copyright 2017 StreamSets Inc.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

# http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.



[Unit]

Description=StreamSets Data Collector (SDC)



[Service]

User=sdc

Group=sdc

LimitNOFILE=32768

Environment=SDC_CONF=/etc/sdc

Environment=SDC_HOME=/opt/streamsets-datacollector

Environment=SDC_LOG=/var/log/sdc

Environment=SDC_DATA=/var/lib/sdc

ExecStart=/opt/streamsets-datacollector/bin/streamsets dc -verbose

TimeoutSec=60



[Install]

WantedBy=multi-user.target





sdc.socket



# Copyright 2017 StreamSets Inc.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

# http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.



[Unit]

After=network-online.target

Requires=network-online.target



[Socket]

ListenStream=18630

ListenStream=0.0.0.0:18630



[Install]

WantedBy=sockets.target







Thanks,



Krunal.



________________________________
From: systemd-devel <systemd-devel-***@lists.freedesktop.org> on behalf of Reindl Harald <***@thelounge.net>
Sent: Sunday, October 7, 2018 7:07:08 PM
To: systemd-***@lists.freedesktop.org
Subject: Re: [systemd-devel] Systemd not able to spawn Exec permission denied



Am 07.10.18 um 10:12 schrieb Krunal Patel:
> My systemdctl script not able to start service as non root user
> sdc. It gives error with not able to spawn /path/to/streamsets :
> Permission Denied. /path/to/streamsets has root ownership and group
> streamsets has execute permission as root user. Can you suggest if my
> systemd is currupted? Other server systemd able to start service as sdc
> user from root systemd. There systemd is running as switched-root , but
> in server where i get error has no switched-root option in systemd
> process. Is it related? Please suggest. SDC user has nologin shell

please post complete systemd units to help others helping you
Krunal Patel
2018-10-08 05:54:44 UTC
Permalink
Hi,

Actual SDC_HOME is under /opt/apps/current which is symlink of /opt/apps/streamsets-datacollector-3.5.0. So you can consider other paths accordingly.

Thanks,

Krunal.

________________________________
From: systemd-devel <systemd-devel-***@lists.freedesktop.org> on behalf of Krunal Patel <***@outlook.com>
Sent: Monday, October 8, 2018 10:47:07 AM
To: Reindl Harald; systemd-***@lists.freedesktop.org
Subject: Re: [systemd-devel] Systemd not able to spawn Exec permission denied


Hi,



We have total 6 servers . 1 server is started with switched-root system option. Where sdc.service through systemd running fine. But other 5 servers, systemd is running with –switched-root option where we are not able to start. I am not sure if systemd is corrupted or some other issue.



System unit are as below:



sdc.service



# Copyright 2017 StreamSets Inc.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

# http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.



[Unit]

Description=StreamSets Data Collector (SDC)



[Service]

User=sdc

Group=sdc

LimitNOFILE=32768

Environment=SDC_CONF=/etc/sdc

Environment=SDC_HOME=/opt/streamsets-datacollector

Environment=SDC_LOG=/var/log/sdc

Environment=SDC_DATA=/var/lib/sdc

ExecStart=/opt/streamsets-datacollector/bin/streamsets dc -verbose

TimeoutSec=60



[Install]

WantedBy=multi-user.target





sdc.socket



# Copyright 2017 StreamSets Inc.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

# http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.



[Unit]

After=network-online.target

Requires=network-online.target



[Socket]

ListenStream=18630

ListenStream=0.0.0.0:18630



[Install]

WantedBy=sockets.target







Thanks,



Krunal.



________________________________
From: systemd-devel <systemd-devel-***@lists.freedesktop.org> on behalf of Reindl Harald <***@thelounge.net>
Sent: Sunday, October 7, 2018 7:07:08 PM
To: systemd-***@lists.freedesktop.org
Subject: Re: [systemd-devel] Systemd not able to spawn Exec permission denied



Am 07.10.18 um 10:12 schrieb Krunal Patel:
> My systemdctl script not able to start service as non root user
> sdc. It gives error with not able to spawn /path/to/streamsets :
> Permission Denied. /path/to/streamsets has root ownership and group
> streamsets has execute permission as root user. Can you suggest if my
> systemd is currupted? Other server systemd able to start service as sdc
> user from root systemd. There systemd is running as switched-root , but
> in server where i get error has no switched-root option in systemd
> process. Is it related? Please suggest. SDC user has nologin shell

please post complete systemd units to help others helping you
Lennart Poettering
2018-10-08 09:02:41 UTC
Permalink
On Mo, 08.10.18 05:17, Krunal Patel (***@outlook.com) wrote:

> [Unit]
> Description=StreamSets Data Collector (SDC)
>
> [Service]
> User=sdc
> Group=sdc
> LimitNOFILE=32768
> Environment=SDC_CONF=/etc/sdc
> Environment=SDC_HOME=/opt/streamsets-datacollector
> Environment=SDC_LOG=/var/log/sdc
> Environment=SDC_DATA=/var/lib/sdc
> ExecStart=/opt/streamsets-datacollector/bin/streamsets dc -verbose
> TimeoutSec=60

You run this binary as "sdc" user. Are you sure that the "sdc" user
has access to every component in the
/opt/streamsets-datacollector/bin/streamsets path?

Lennart

--
Lennart Poettering, Red Hat
Continue reading on narkive:
Loading...