Hi,
I've got two services:
A is a simple service for the application server.
B is a oneshot service that updates the server files.
Both are started as a basic user without privileges for security and ownership reasons.
A is enabled and started.
B is timed to launch Fri *-*-* 17:00:00.
A and B conflict, so when B starts, A is automatically stopped.
Here is the problem:
When B starts on Friday, A is stopped as expected. But when B has finished its work, A is still inactive.
What I want is for B to start A automatically when the update is finished.
"ExecStopPost=" was a good find, but it doesn't work because B launches with basic user permissions and can't manage services.
I've also tried launching B with privileges and doing the update inside a "su" environment inside a script, but without success; the update is done as root anyway.
The compromise could be to time A to start Fri *-*-* 17:30:00 because updates aren't expected to take more than 15 minutes.
But if it is the case, the conflict will mess up B and the update.
If anyone has an idea, I am open.
Last edited by Artyom (2021-03-03 09:16:24)

Maybe you could run them as system services and make use of credentials to drop some privileges to fulfill security requirements? Another way to go is to make these services aware of each other and use some kind of resource locking (e.g. lock files) to be able to run them at the same time without crashing.

They already are system services using simple user credentials.
But the service B can't start A with ExecStopPost because of this.
For the locking system, it is just not possible; the updated files are actively used by the server.

Well, well, well.
Sometimes, we just need to return to basics and RTFM.
From: https://www.freedesktop.org/software/sy … rvice.html
If the executable path is prefixed with "+" then the process is executed with full privileges. In this mode privilege restrictions configured with User=, Group=, CapabilityBoundingSet= or the various file system namespacing options (such as PrivateDevices=, PrivateTmp=) are not applied to the invoked command line (but still affect any other ExecStart=, ExecStop=, … lines).
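An added example, not part of the original posts, of how the quoted "+" prefix fits the setup described in this thread: B runs its update as an unprivileged user, and only the ExecStopPost= line runs with full privileges to start A again. The unit file paths, the account name `appuser` and the script path are assumptions.

```ini
# /etc/systemd/system/B.service  (hypothetical unit name and paths)
[Unit]
Description=Update the server files
# Starting B stops A, as described in the thread
Conflicts=A.service

[Service]
Type=oneshot
# Assumed unprivileged account; the update itself never runs as root
User=appuser
Group=appuser
# Hypothetical update script, executed as appuser
ExecStart=/usr/local/bin/update-server-files.sh
# "+" prefix: only this line ignores User=/Group= and runs with full
# privileges, so it is allowed to manage other units.
# Keep it a fixed absolute command that takes no input from the update script.
# --no-block queues the start job for A without waiting for it to finish.
ExecStopPost=+/usr/bin/systemctl --no-block start A.service

# /etc/systemd/system/B.timer  (schedule taken from the first post)
[Unit]
Description=Weekly run of B.service

[Timer]
OnCalendar=Fri *-*-* 17:00:00

[Install]
WantedBy=timers.target
```

ExecStopPost= also runs when ExecStart= fails, so A is started again even after a failed update.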