0

I am setting up a daemon for a web service and I want to use the systemd DynamicUser=yes feature because it seems cleaner not pollute the user table with a different user for each service.

As is customary, my web service has an integrated command line tool that initializes the database and performs maintenance tasks. This needs to happen as the same user that runs the web service, and it needs to happen before the service runs the first time, because without a database, it will not start up successfully.

I supposed I could just edit the ExecStart= value to run the initializiation and run the unit once as a oneshot, but I was wondering if systemd provides a more convenient way to accomplish the same thing.

cmc
  • 677
  • 6
  • 7

1 Answers1

0

I think I've got it.

systemd-run -p DynamicUser=yes -p StateDirectory=mystatedir --working-directory=/path/to/myworkingdir /path/to/myservice myinitcmd

Cool. Almost like sudo -u myuser /path/to/myservice myinitcmd. I also noticed the init script probably doesn't necessarily need all the finer access restrictions that are possible for the main daemon, and that DynamicUser already implies enough restriction to reasonably safely run the init script.

I just figured this out so please do correct things if you think something looks off.

cmc
  • 677
  • 6
  • 7