Canek Peláez Valdés <caneko@×××××.com> wrote:

> On Tue, Aug 27, 2013 at 10:39 AM, <covici@××××××××××.com> wrote:
> > Canek Peláez Valdés <caneko@×××××.com> wrote:
> >
> >> On Tue, Aug 27, 2013 at 9:41 AM, <covici@××××××××××.com> wrote:
> >> > Canek Peláez Valdés <caneko@×××××.com> wrote:
> >> >
> >> >> On Tue, Aug 27, 2013 at 2:46 AM, <covici@××××××××××.com> wrote:
> >> >> > Canek Peláez Valdés <caneko@×××××.com> wrote:
> >> >> >
> >> >> >> On Tue, Aug 27, 2013 at 1:10 AM, <covici@××××××××××.com> wrote:
> >> >> >> > Canek Peláez Valdés <caneko@×××××.com> wrote:
> >> >> >> >
> >> >> >> >> On Mon, Aug 26, 2013 at 11:06 PM, Canek Peláez Valdés <caneko@×××××.com> wrote:
> >> >> >> >> > On Mon, Aug 26, 2013 at 10:52 PM, <covici@××××××××××.com> wrote:
> >> >> >> >> >> Hi. I am looking for a couple of systemd units which I have not been
> >> >> >> >> >> able to find -- one for mailman and one for innd which is a shell script
> >> >> >> >> >> by itself.
> >> >> >> >> >>
> >> >> >> >> >> Thanks in advance for any suggestions.
> >> >> >> >> >
> >> >> >> >> > I use this one in production for mailman with Gentoo:
> >> >> >> >> >
> >> >> >> >> > ----------------------------------------------------------------
> >> >> >> >> > [Unit]
> >> >> >> >> > Description=Mailman mailing list service
> >> >> >> >> > After=network.target
> >> >> >> >> >
> >> >> >> >> > [Service]
> >> >> >> >> > Type=forking
> >> >> >> >> > ExecStart=/usr/lib/mailman/bin/mailmanctl -s start
> >> >> >> >> > ExecStop=/usr/lib/mailman/bin/mailmanctl stop
> >> >> >> >> > User=mailman
> >> >> >> >> > Group=mailman
> >> >> >> >> >
> >> >> >> >> > [Install]
> >> >> >> >> > WantedBy=multi-user.target
> >> >> >> >> > ----------------------------------------------------------------
> >> >> >> >> >
> >> >> >> >> > I don't have any for innd.
> >> >> >> >>
> >> >> >> >> If innd is the one from net-nntp/inn, then the following should work:
> >> >> >> >>
> >> >> >> >> ----------------------------------------------------------------
> >> >> >> >> [Unit]
> >> >> >> >> Description=The Internet News daemon
> >> >> >> >> Documentation=man:innd(8)
> >> >> >> >> ConditionPathExists=/var/run/news
> >> >> >> >>
> >> >> >> >> [Service]
> >> >> >> >> Type=simple
> >> >> >> >> ExecStart=/usr/lib/news/bin/rc.news
> >> >> >> >> ExecStop=/usr/lib/news/bin/rc.news stop
> >> >> >> >> User=news
> >> >> >> >> Group=news
> >> >> >> >>
> >> >> >> >> [Install]
> >> >> >> >> WantedBy=multi-user.target
> >> >> >> >> ----------------------------------------------------------------
> >> >> >> >>
> >> >> >> >> If the binary rc.news forks itself (and there is no option to force it
> >> >> >> >> to run in the foreground), use Type=forking. The former is preferred
> >> >> >> >> over the latter. Also, to guarantee that the directory /var/run/news
> >> >> >> >> always is present, add the following to a new file
> >> >> >> >> /etc/tmpfiles.d/innd.conf:
> >> >> >> >>
> >> >> >> >> ----------------------------------------------------------------
> >> >> >> >> d /var/run/news 0755 news news 10d -
> >> >> >> >> ----------------------------------------------------------------
> >> >> >> >>
> >> >> >> >> You can replace 10d with - (hyphen), so the directory is never cleaned
> >> >> >> >> automatically. If you try this unit and it works as expected, please
> >> >> >> >> let us know.
> >> >> >> >>
> >> >> >> >
> >> >> >> > OK, thanks again. I have one question which this brings up -- and this
> >> >> >> > applies to openrc as well -- I never have let it migrate /var/run to
> >> >> >> > /run and /var/lock likewise because I have directories in those which
> >> >> >> > are owned by various users, etc. and the packages themselves almost
> >> >> >> > never create such -- is putting things in /etc/tmpfiles.d the correct
> >> >> >> > way to fix this?
> >> >> >>
> >> >> >> tmpfiles.d is from systemd:
> >> >> >>
> >> >> >> http://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
> >> >> >>
> >> >> >> However, I think OpenRC developers were thinking about supporting it.
> >> >> >> I don't know if that actually happened.
> >> >> >>
> >> >> >> With systemd in Gentoo, /var/run is bind mounted from /run, and it's a
> >> >> >> tmpfs dir, so everything there goes away after a reboot. The config
> >> >> >> files in tmpfiles.d allow the creation (and automatic removal) of
> >> >> >> directories and files there.
> >> >> >>
> >> >> >> I don't know if it's the "correct" way to fix anything; but it works.
> >> >> >>
> >> >> > Can I use the d action to change the permissions of an existing
> >> >> > directory and if not, how can I do this?
> >> >>
> >> >> I don't think so. The contents of /run (and /var/run before it) are,
> >> >> by definition, used only at run time. They are not intended to be
> >> >> preserved, and they actually should be cleaned from time to time
> >> >> (hence the age field in tmpfiles.d). Therefore tmpfiles.d only deals
> >> >> with creation (and cleaning up) of files/directories, not "updating"
> >> >> them, since they should not be even present when the system boots up.
> >> >>
> >> >> The files in /etc/tmpfiles.d are used by the systemd-tmpfiles-* units,
> >> >> and (AFAIU) they only create files/directories at boot time, and then
> >> >> only clean afterwards.
> >> >>
> >> >> My /run directory is really empty. When my systems boot up, systemd
> >> >> mounts a tmpfs on it:
> >> >>
> >> >> # mount | grep "on /run"
> >> >> tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
> >> >>
> >> >> Then the var-run.mount unit bind mounts /run into /var/run. So no
> >> >> file/directory there is actually written into any physical disk ever.
> >> >
> >> > But I need to change the permissions of /var/lock to 777, if I can't use
> >> > tmpfiles.d how can I do this?
> >>
> >> chmod 777 /var/lock? I don't understand the question. What program do
> >> you need that requires universal writing access for /var/lock? In my
> >> systems, /var/lock is either bind mounted from /run/lock, or a soft
> >> link to /run/lock, and /run/lock is root:root and 755.
> >>
> >
> > I need regular users to put files in /var/lock and it is annoying to
> > have to change the permissions and so I have it on a file system and
> > never need to touch it.
>
> OK; you need to mask var-lock.mount (systemctl mask var-lock.mount),
> and then I think you only need to do chmod 777 /var/lock once. Just be
> aware that this is not how it should work in systemd, it's not
> supported, and any unnecessary world-writable directory is generally a
> bad idea.
>
> http://lists.freedesktop.org/archives/systemd-devel/2011-March/001823.html
>
> So, in a few words, if it breaks you get to keep both pieces.

I understand and if there were a way to do this automatically during
boot I would do it, but since there is not such a way I will mask out
the /var/lock mount as suggested.

Thanks.

--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici
covici@××××××××××.com
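
Added example, not part of the original thread or any poster's configuration: a small Python audit for the tmpfiles.d line format quoted above (`d /var/run/news 0755 news news 10d -`) that flags entries whose mode is world-writable without the sticky bit, the kind of directory the thread warns about. The function name `audit` and the sample lines are constructed for illustration.

```python
# Audit tmpfiles.d-style lines for world-writable modes lacking the sticky bit.
# Line format (tmpfiles.d(5)): Type Path Mode User Group Age Argument

# Types that create a directory or adjust mode/ownership of a path.
CHECKED_TYPES = {"d", "D", "z", "Z"}

# Constructed sample input, not taken from the thread.
SAMPLE = """\
# constructed sample
d /var/run/news 0755 news news 10d -
d /run/lock 0777 root root - -
d /run/lock/subsys 1777 root root - -
D /run/example-spool 0777 root root - -
d /run/example - - - - -
"""


def audit(text):
    """Return (line number, path, mode) for each risky entry in text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        fields = line.split()
        if len(fields) < 3:
            continue  # no mode field present, defaults apply
        typ, path, mode = fields[0], fields[1], fields[2]
        # The first character is the type; later ones are modifiers such as "!".
        if typ[0] not in CHECKED_TYPES or mode == "-":
            continue
        bits = int(mode.lstrip("~:"), 8)  # drop optional mode prefixes
        world_writable = bool(bits & 0o002)
        sticky = bool(bits & 0o1000)
        if world_writable and not sticky:
            findings.append((lineno, path, mode))
    return findings


if __name__ == "__main__":
    for lineno, path, mode in audit(SAMPLE):
        print(f"line {lineno}: {path} has mode {mode}: world-writable, no sticky bit")
```

With the sticky bit set (mode 1777, as on /tmp), users can create files in the directory but cannot remove or rename files owned by others, which is why the 1777 line is not flagged.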