Which user is a systemd service run as by default on CentOS if no user is explicitly specified?

My assumption was that the service would then run as root. However, there seem to be differences in terms of permissions if you explicitly specify User=root.

[Unit]
Requires=docker.service
After=docker.service

[Service]
User=root
...
ExecStartPre=/usr/local/bin/docker-compose down -v --remove-orphans
ExecStartPre=/usr/local/bin/docker-compose rm -fv

ExecStart=/usr/local/bin/docker-compose up --remove-orphans

[Install]
WantedBy=multi-user.target

In this specific case, a docker compose up is executed in the systemd service. The docker images are obtained via the ECR. The credentials for this are provided using amazon-ecr-credential-helper.

When trying to get the image from the ECR, the error message you get is "no basic auth credentials".

But since everything works as desired if you specify User=root in the systemd service, I assume that the configuration of the amazon-ecr-credential-helper works with docker and that the problem is to be found in the systemd context.

Do any of you have any idea what the explicit specification User=root does?

user5580578

1 Answer

From man systemd.exec:

User=, Group=

Set the UNIX user or group that the processes are executed as, respectively. Takes a single user or group name, or a numeric ID as argument. For system services (services run by the system service manager, i.e. managed by PID 1) and for user services of the root user (services managed by root's instance of systemd --user), the default is "root", but User= may be used to specify a different user...

The default is already root. Specifying User=root does not change anything except perhaps to be explicit so a reader understands that this is really being run by root. It makes no difference to systemd.

Stewart
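
An added example, not part of the question or the answer above: the same systemd.exec man page also documents that $USER, $LOGNAME, $HOME and $SHELL are set for units that have User= set, so a system service without User= runs as UID 0 but without $HOME, which tools that look up per-user files such as ~/.docker/config.json or ~/.aws/credentials may depend on. The drop-in below uses a placeholder unit name (myapp.service) and assumes the credential helper configuration lives under /root; whether this is the cause on the asker's host is an assumption.

```ini
# /etc/systemd/system/myapp.service.d/10-home.conf
# Constructed drop-in; "myapp.service" is a placeholder for the real unit name.

[Service]
# Before (no User=): processes run as UID 0, but systemd does not export
# USER, LOGNAME, HOME or SHELL. Anything that resolves "~" through $HOME
# has no home directory to look in.
#
# With User=root: same UID, but systemd additionally exports
# USER=root, LOGNAME=root, HOME=/root and SHELL from the passwd entry.

# Dump the service environment to the journal so both variants can be
# compared with "journalctl -u myapp.service". The leading "-" makes
# systemd ignore a non-zero exit status of this command.
ExecStartPre=-/usr/bin/env

# Provide only the variable that is needed, instead of relying on the
# side effect of User=root. /root is assumed to be where the Docker and
# AWS configuration for this service is stored.
Environment=HOME=/root
```

Run `systemctl daemon-reload` after adding the drop-in, then restart the unit and compare the journal output with and without the `Environment=` line.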