[Opendnssec-user] Dropping exec perms -- running daemons as == ods USER/GROUP, !root ?
PGNet Dev
pgnet.dev at gmail.com
Thu Dec 22 14:22:01 UTC 2016
On 12/22/2016 01:25 AM, Yuri Schaeffer wrote:
> Though did you find out what made the
> difference for the mailer script?
no, unfortunately no specific resolution :-/
it was a 'holiday surprise'; when I put all that^^ in place, it simply started mailing.
Given that I was switching to non-root operation, it 'smells like' perms, but I never did get any error messages ...
> Also, if you are willing I'd be happy
> to include the systemd files in contrib/ dir in our release.
sure. with the caveats that they're trivial, work in my ENV with systemd 228, & are as yet untested in a production setup,
cat /etc/systemd/system/ods-signer.service
[Unit]
Description=OpenDNSSEC v2 Signer daemon
After=syslog.target network-online.target
[Service]
Type=forking
PIDFile=/var/run/opendnssec/signerd.pid
ExecStart=/bin/sh -c '/usr/local/opendnssec/sbin/ods-signerd -d &'
[Install]
WantedBy=multi-user.target
cat /etc/systemd/system/ods-enforcer.service
[Unit]
Description=OpenDNSSEC v2 Enforcer daemon
After=syslog.target network-online.target
Wants=ods-signer.service
After=ods-signer.service
[Service]
Type=forking
PIDFile=/var/run/opendnssec/enforcerd.pid
ExecStart=/bin/sh -c '/usr/local/opendnssec/sbin/ods-enforcerd -d &'
[Install]
WantedBy=multi-user.target
More information about the Opendnssec-user
mailing list