Gentoo Archives: gentoo-user

From: covici@××××××××××.com
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] looking for a couple of systemd units
Date: Tue, 27 Aug 2013 20:13:15
Message-Id: 30724.1377634378@ccs.covici.com
In Reply to: Re: [gentoo-user] looking for a couple of systemd units by "Canek Peláez Valdés"
Canek Peláez Valdés <caneko@×××××.com> wrote:

> On Tue, Aug 27, 2013 at 10:39 AM, <covici@××××××××××.com> wrote:
> > Canek Peláez Valdés <caneko@×××××.com> wrote:
> >
> >> On Tue, Aug 27, 2013 at 9:41 AM, <covici@××××××××××.com> wrote:
> >> > Canek Peláez Valdés <caneko@×××××.com> wrote:
> >> >
> >> >> On Tue, Aug 27, 2013 at 2:46 AM, <covici@××××××××××.com> wrote:
> >> >> > Canek Peláez Valdés <caneko@×××××.com> wrote:
> >> >> >
> >> >> >> On Tue, Aug 27, 2013 at 1:10 AM, <covici@××××××××××.com> wrote:
> >> >> >> > Canek Peláez Valdés <caneko@×××××.com> wrote:
> >> >> >> >
> >> >> >> >> On Mon, Aug 26, 2013 at 11:06 PM, Canek Peláez Valdés <caneko@×××××.com> wrote:
> >> >> >> >> > On Mon, Aug 26, 2013 at 10:52 PM, <covici@××××××××××.com> wrote:
> >> >> >> >> >> Hi. I am looking for a couple of systemd units which I have not been
> >> >> >> >> >> able to find -- one for mailman and one for innd which is a shell script
> >> >> >> >> >> by itself.
> >> >> >> >> >>
> >> >> >> >> >> Thanks in advance for any suggestions.
> >> >> >> >> >
> >> >> >> >> > I use this one in production for mailman with Gentoo:
> >> >> >> >> >
> >> >> >> >> > ----------------------------------------------------------------
> >> >> >> >> > [Unit]
> >> >> >> >> > Description=Mailman mailing list service
> >> >> >> >> > After=network.target
> >> >> >> >> >
> >> >> >> >> > [Service]
> >> >> >> >> > Type=forking
> >> >> >> >> > ExecStart=/usr/lib/mailman/bin/mailmanctl -s start
> >> >> >> >> > ExecStop=/usr/lib/mailman/bin/mailmanctl stop
> >> >> >> >> > User=mailman
> >> >> >> >> > Group=mailman
> >> >> >> >> >
> >> >> >> >> > [Install]
> >> >> >> >> > WantedBy=multi-user.target
> >> >> >> >> > ----------------------------------------------------------------
> >> >> >> >> >
> >> >> >> >> > I don't have any for innd.
> >> >> >> >>
> >> >> >> >> If innd is the one from net-nntp/inn, then the following should work:
> >> >> >> >>
> >> >> >> >> ----------------------------------------------------------------
> >> >> >> >> [Unit]
> >> >> >> >> Description=The Internet News daemon
> >> >> >> >> Documentation=man:innd(8)
> >> >> >> >> ConditionPathExists=/var/run/news
> >> >> >> >>
> >> >> >> >> [Service]
> >> >> >> >> Type=simple
> >> >> >> >> ExecStart=/usr/lib/news/bin/rc.news
> >> >> >> >> ExecStop=/usr/lib/news/bin/rc.news stop
> >> >> >> >> User=news
> >> >> >> >> Group=news
> >> >> >> >>
> >> >> >> >> [Install]
> >> >> >> >> WantedBy=multi-user.target
> >> >> >> >> ----------------------------------------------------------------
> >> >> >> >>
> >> >> >> >> If the binary rc.news forks itself (and there is no option to force it
> >> >> >> >> to run in the foreground), use Type=forking. The former is preferred
> >> >> >> >> over the latter. Also, to guarantee that the directory /var/run/news
> >> >> >> >> always is present, add the following to a new file
> >> >> >> >> /etc/tmpfiles.d/innd.conf:
> >> >> >> >>
> >> >> >> >> ----------------------------------------------------------------
> >> >> >> >> d /var/run/news 0755 news news 10d -
> >> >> >> >> ----------------------------------------------------------------
> >> >> >> >>
> >> >> >> >> You can replace 10d with - (hyphen), so the directory is never cleaned
> >> >> >> >> automatically. If you try this unit and it works as expected, please
> >> >> >> >> let us know.
> >> >> >> >>
> >> >> >> >
> >> >> >> > OK, thanks again. I have one question which this brings up -- and this
> >> >> >> > applies to openrc as well -- I never have let it migrate /var/run to
> >> >> >> > /run and /var/lock likewise because I have directories in those which
> >> >> >> > are owned by various users, etc. and the packages themselves almost
> >> >> >> > never create such -- is putting things in /etc/tmpfiles.d the correct
> >> >> >> > way to fix this?
> >> >> >>
> >> >> >> tmpfiles.d is from systemd:
> >> >> >>
> >> >> >> http://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
> >> >> >>
> >> >> >> However, I think OpenRC developers were thinking about supporting it.
> >> >> >> I don't know if that actually happened.
> >> >> >>
> >> >> >> With systemd in Gentoo, /var/run is bind mounted from /run, and it's a
> >> >> >> tmpfs dir, so everything there goes away after a reboot. The config
> >> >> >> files in tmpfiles.d allow the creation (and automatic removal) of
> >> >> >> directories and files there.
> >> >> >>
> >> >> >> I don't know if it's the "correct" way to fix anything; but it works.
> >> >> >>
> >> >> > Can I use the d action to change the permissions of an existing
> >> >> > directory and if not, how can I do this?
> >> >>
> >> >> I don't think so. The contents of /run (and /var/run before it) are,
> >> >> by definition, used only at run time. They are not intended to be
> >> >> preserved, and they actually should be cleaned from time to time
> >> >> (hence the age field in tmpfiles.d). Therefore tmpfiles.d only deals
> >> >> with creation (and cleaning up) of files/directories, not "updating"
> >> >> them, since they should not be even present when the system boots up.
> >> >>
> >> >> The files in /etc/tmpfiles.d are used by the systemd-tmpfiles-* units,
> >> >> and (AFAIU) they only create files/directories at boot time, and then
> >> >> only clean afterwards.
> >> >>
> >> >> My /run directory is really empty. When my systems boot up, systemd
> >> >> mounts a tmpfs on it:
> >> >>
> >> >> # mount | grep "on /run"
> >> >> tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
> >> >>
> >> >> Then the var-run.mount unit bind mounts /run into /var/run. So no
> >> >> file/directory there is actually written into any physical disk ever.
> >> >
> >> > But I need to change the permissions of /var/lock to 777, if I can't use
> >> > tmpfiles.d how can I do this?
> >>
> >> chmod 777 /var/lock? I don't understand the question. What program do
> >> you need that requires universal writing access for /var/lock? In my
> >> systems, /var/lock is either bind mounted from /run/lock, or a soft
> >> link to /run/lock, and /run/lock is root:root and 755.
> >>
> >
> > I need regular users to put files in /var/lock and it is annoying to
> > have to change the permissions and so I have it on a file system and
> > never need to touch it.
>
> OK; you need to mask var-lock.mount (systemctl mask var-lock.mount),
> and then I think you only need to do chmod 777 /var/lock once. Just be
> aware that this is not how it should work in systemd, it's not
> supported, and any unnecessary world-writable directory is generally a
> bad idea.
>
> http://lists.freedesktop.org/archives/systemd-devel/2011-March/001823.html
>
> So, in a few words, if it breaks you get to keep both pieces.

I understand and if there were a way to do this automatically during
boot I would do it, but since there is not such a way I will mask out
the /var/lock mount as suggested.

Thanks.

--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici
covici@××××××××××.com
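
Added example, not part of the original message: the thread's warning about world-writable directories, written as a check that reads tmpfiles.d lines and reports `d`/`D` entries that are writable by everyone, noting whether the sticky bit is set. The function names and the two /run/lock sample lines are constructed for illustration; only plain octal modes are handled.

```shell
#!/bin/sh
# Added example (not from the thread): audit tmpfiles.d directory entries
# for world-writable modes. Without the sticky bit (01000), any local user
# can delete or rename files that other users placed in the directory.

# Reads tmpfiles.d lines on stdin; prints "<path> <mode> <verdict>" per hit.
audit_tmpfiles() {
    while read -r type path mode _rest; do
        case "$type" in
            d*|D*) ;;              # directory-creating types
            *) continue ;;         # comments, blank lines, other types
        esac
        case "$mode" in
            ''|*[!0-7]*) continue ;;   # "-" (default mode) or not plain octal
        esac
        m=$((0$mode))                  # leading 0 forces octal parsing
        [ $((m & 2)) -ne 0 ] || continue   # 0002 = writable by "other"
        if [ $((m & 512)) -ne 0 ]; then    # 01000 = sticky bit
            echo "$path $mode world-writable+sticky"
        else
            echo "$path $mode world-writable-no-sticky"
        fi
    done
}

# Constructed sample input: the innd line quoted in the thread, plus two
# hypothetical lock-directory lines (the 0777 mode that was asked about,
# and a 1777 variant with the sticky bit, as used on /tmp).
sample_config() {
    cat <<'EOF'
# /etc/tmpfiles.d/innd.conf
d /var/run/news 0755 news news 10d -
d /run/lock 0777 root root - -
d /run/lock/shared 1777 root root - -
EOF
}

sample_config | audit_tmpfiles
```

To audit a real system, feed it the installed configuration, for example `cat /etc/tmpfiles.d/*.conf | audit_tmpfiles`.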