Table of Contents
By default most of the systemd services are configured to run by root user but there is also an option to create a custom systemd service unit file and run it as a speciic user or group or both. So in this article we will check and verify the steps to run systemd service as specific user and group using CentOS/RHEL 7/8 Linux environment.
I have installed Oracle VirtualBox on a Linux server, where I will use a Virtual Machine with RHEL/CentOS 7/8 to verify the steps from this article.
Some more articles on similar topic:
- How to execute a command or script with systemd at shutdown only and not at reboot in Linux
- How to execute a command or script with systemd right before login prompt appears on terminal in Linux
- How to execute a command or script at system startup using systemd without using cronjob in Linux
- How to execute a command or script after N minutes of boot up (system startup) with systemd in Linux
- How to halt system reboot or shutdown and read user input during boot up stage in Linux
- How to execute a command or script using systemd right before shutdown happens in Linux
- How to run a service as a specific user or group using systemd in Linux
Step 1: Overview on systemd
I hope you are already familiar with below topics
- Overview on systemd and how it is different from legacy SysV scripts
- How to create a systemd unit file in Linux
Step 2: Create user and Group
Now this is an optional steps assuming you already have your user and group ready for next steps. But if you do not then you can follow this article to create a new user and assign a custom group (primary or secondary) to the respective user.
- How to create a new user without using useradd command in Linux
- Steps to add a user to a group or remove a user from a group (primary or secondary) in Linux or Unix
Here I have already created a user deepak
who is part of deepak
and admin group
[root@centos-8 ~]# useradd deepak [root@centos-8 ~]# passwd deepak <-- Here the screen will prompt to assign a new password
To verify the groups of any user
[root@centos-8 ~]# id deepak uid=1000(deepak) gid=1000(deepak) groups=1000(deepak),1001(admin)
So we wish to create a systemd service unit file and run systemd service as specific user and group which for us will be deepak
user part of admin
group
Step 3: Create Sample Script
We will use our startup script from old articles with some tweaks to check and run systemd service as specific user and group in Linux
[root@centos-8 ~]# mkdir -p /opt/golinuxcloud [root@centos-8 ~]# cat /opt/golinuxcloud/startup_script.sh #!/bin/bash if [[ `id -nu` != "deepak" ]];then echo "Not deepak user, exiting.." exit 1 fi SCRIPT_NAME=$(basename -- "$0") z=0 for i in {1..3}; do sleep 1m ((z++)) echo "$SCRIPT_NAME: finished minute ${z}" >> /opt/golinuxcloud/file done echo "$SCRIPT_NAME: COMPLETELY FINISHED" >> /opt/golinuxcloud/file
So in this script we have added an explicit check for user, so unless the user executing the script is "deepak
", the script will fail to execute. If successful the script will continue to write in /opt/golinuxcloud/file
for 3 minutes with 1 minute interval. This will also help us make sure that the script does not exits before completing it's defined task
Change the ownership of the script file to deepak
[root@centos-8 ~]# chown deepak:deepak /opt/golinuxcloud/startup_script.sh
Provide executable permission to the script
[root@centos-8 ~]# chmod u+x /opt/golinuxcloud/startup_script.sh [root@centos-8 ~]# ls -l /opt/golinuxcloud/startup_script.sh -r-xr--r-- 1 deepak deepak 304 Jan 17 01:58 /opt/golinuxcloud/startup_script.sh
We will execute the script manually to make sure it works as expected
[root@centos-8 ~]# /opt/golinuxcloud/startup_script.sh
Not deepak user, exiting..
Step 4: Create unit file to run systemd service as specific user and group
Now as highlighted under step 1, I have already written another article with the steps to create a new systemd unit file. Here we will name our systemd unit file as run-as-user.service
under /etc/systemd/system
. Below is the content of run-as-user.service
[root@centos-8 ~]# cat /etc/systemd/system/run-as-user.service [Unit] Description=Run service as user deepak DefaultDependencies=no After=network.target [Service] Type=simple User=deepak Group=admin ExecStart=/opt/golinuxcloud/startup_script.sh TimeoutStartSec=0 RemainAfterExit=yes [Install] WantedBy=default.target
Here we have defined User=deepak
and Group=admin
to make sure the script will be executed only as user deepak
which is part of admin
group.
You can also use many other directives if required in your environment such as WorkingDirectory
, EnvironmentFile
etc. For more information check man page of systemd.exec
Refresh the systemd configuration files
[root@centos-8 ~]# systemctl daemon-reload
Next enable the service (if required) to start automatically at boot
[root@centos-8 ~]# systemctl enable run-as-user.service Created symlink /etc/systemd/system/shutdown.target.wants/run-as-user.service → /etc/systemd/system/run-as-user.service.
Step 5: Verify the systemd unit file configuration
Now since we are done with the setting up of systemd. Let us verify our configuration. Before starting I have cleared the content of /opt/golinuxcloud/file
which is where our script /opt/golinuxcloud/startup_script.sh
will place dummy content every minutes for 3 minutes.
We will only start the run-as-user.service
runtime as a reboot is not required to validate the configuration here:
[root@centos-8 ~]# systemctl restart run-as-user.service
Next check the status of the service
[root@centos-8 ~]# systemctl status run-as-user.service
● run-as-user.service - Run service as user deepak
Loaded: loaded (/etc/systemd/system/run-as-user.service; enabled; vendor preset: disabled)
Active: active (exited) since Fri 2020-01-17 02:09:32 IST; 2h 31min ago
Process: 24113 ExecStart=/opt/golinuxcloud/startup_script.sh (code=exited, status=0/SUCCESS)
Main PID: 24113 (code=exited, status=0/SUCCESS)
Jan 17 02:09:32 centos-8.example.com systemd[1]: Started Run service as user deepak.
Well looks like everything was good as we were able to run systemd service as specific user and group, you can check the ps
status to make sure our script is running using below command:
[root@centos-8 ~]# ps -ef | grep startup
deepak 26877 1 0 04:42 ? 00:00:00 /bin/bash /opt/golinuxcloud/startup_script.sh
root 26890 7625 0 04:42 pts/0 00:00:00 grep --color=auto startup
Now you can monitor the content of /opt/golinuxcloud/file
for couple of minutes as configured in the script
[root@centos-8 ~]# cat /opt/golinuxcloud/file startup_script.sh: finished minute 1 startup_script.sh: finished minute 2 startup_script.sh: finished minute 3 startup_script.sh: COMPLETELY FINISHED
Lastly I hope the steps from the article to run systemd service as specific user and group in CentOS/RHEL 7/8 Linux was helpful. So, let me know your suggestions and feedback using the comment section.
Related Searches: run service as user linux. systemd allow user to start service. systemd start service as user on boot. linux systemd service run as root. Restarting systemd service only as a specific user? systemd services fail with User= in service file. Start process as a specific user. how to run a service a non-root user completely?