StandardOutput and StandardError permissions and ownership
Kamil Jońca
2018-09-21 21:26:52 UTC
I have a service unit which is run as user news and have redirected
standard output and stderr,
i.e.

--8<---------------cut here---------------start------------->8---
[Service]
User=news
Type=oneshot
StandardOutput=file:%T/use-newsx/%n.out
StandardError=file:%T/use-newsx/%n.err
....
--8<---------------cut here---------------end--------------->8---
But standard output is owned by root. How can I make it owned by news?
This is a template service, so I cannot use /etc/tmpfiles.d - I do not
know the file names in advance.

KJ
--
http://wolnelektury.pl/wesprzyj/teraz/
Relax... It's only a provocation.
Lennart Poettering
2018-09-24 13:53:32 UTC
Post by Kamil Jońca
I have a service unit which is run as user news and have redirected
standard output and stderr,
i.e.
--8<---------------cut here---------------start------------->8---
[Service]
User=news
Type=oneshot
StandardOutput=file:%T/use-newsx/%n.out
StandardError=file:%T/use-newsx/%n.err
....
--8<---------------cut here---------------end--------------->8---
But standard output is owned by root. How can I make it owned by news?
This is a template service, so I cannot use /etc/tmpfiles.d - I do not
know the file names in advance.

This is currently not explicitly supported. Please file an RFE issue
on github if you think this would be useful to you.

You should be able to make this work without explicit support
however. Adding something like this to [Service] should work (untested):

ExecStartPre=+/bin/chown news:news /proc/self/fd/1 /proc/self/fd/2

(It's key to specify "+", as that means the chown is invoked with full
privs. And this uses the fact that /proc/self/fd/1 and /proc/self/fd/2
are magic paths that refer to the files opened as stdout/stderr)

Lennart
--
Lennart Poettering, Red Hat
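
The mechanism the reply relies on can be checked without systemd. The following is an added example, not part of the original thread: it redirects stdout to a file and lets a child process change that file's metadata through /proc/self/fd/1 alone. The function names are hypothetical, and chmod stands in for the cross-user chown, which needs root.

```shell
#!/bin/sh
# Constructed demo (Linux, needs /proc): a process that touches
# /proc/self/fd/1 acts on whatever file was opened as its stdout,
# without ever being told the file name.

# Print "uid:gid mode" of a file.
owner_and_mode() {
    stat -c '%u:%g %a' "$1"
}

# Redirect stdout to $1, the way StandardOutput=file:... does, and let the
# command adjust the file through the magic path only.
fix_stdout_file() {
    out=$1
    : > "$out"          # the log file exists before the command runs
    chmod 644 "$out"
    # chmod is the stand-in for "chown news:news"; the chown to our own
    # uid:gid is permitted unprivileged and exercises the same path.
    sh -c 'chmod 600 /proc/self/fd/1 &&
           chown "$(id -u):$(id -g)" /proc/self/fd/1' > "$out"
}

# Show what the magic link resolves to while stdout is redirected to $1.
# readlink writes the answer into the redirected file itself.
stdout_target() {
    readlink /proc/self/fd/1 > "$1"
    cat "$1"
}

# Stand-alone run on a scratch file.
demo=$(mktemp)
fix_stdout_file "$demo"
echo "after fix: $(owner_and_mode "$demo")"
echo "fd 1 pointed at: $(stdout_target "$demo")"
rm -f "$demo"
```

After adding the ExecStartPre= line to a unit, the same `stat -c '%U:%G %a'` call on the .out and .err files confirms whether the ownership change took effect.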