Using as a system service and not a user service

[ga2k]

I will be running this on a web / email / subversion server, and so the mounted filesystem needs to be available without any users being logged in.

I tried what I successfully did with abraunegg's onedrive, and modify the user system file to become a system system file, but I've had no joy. Here's what happens when I try to start the service.

root@test:~# systemctl start onedriver
root@test:~# systemctl status onedriver
● onedriver.service - OneDriver
     Loaded: loaded (/lib/systemd/system/onedriver.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2022-01-24 00:35:00 AEST; 2s ago
    Process: 3987 ExecStart=/usr/bin/onedriver -c /var/onedriver-cache /var/onedrive (code=exited, status=1/FAILURE)
    Process: 4011 ExecStopPost=/usr/bin/fusermount -uz /var/onedrive (code=exited, status=1/FAILURE)
   Main PID: 3987 (code=exited, status=1/FAILURE)

Jan 24 00:35:00 test systemd[1]: Started OneDriver.
Jan 24 00:35:00 test onedriver[3987]: 00:35:00 INF onedriver v0.12.0 73d93207
Jan 24 00:35:00 test onedriver[3987]: Unable to init server: Could not connect: Connection refused
Jan 24 00:35:00 test onedriver[3987]: cannot open display: 
Jan 24 00:35:00 test systemd[1]: onedriver.service: Main process exited, code=exited, status=1/FAILURE
Jan 24 00:35:00 test fusermount[4011]: /usr/bin/fusermount: failed to unmount /var/onedrive: Invalid argument
Jan 24 00:35:00 test systemd[1]: onedriver.service: Control process exited, code=exited, status=1/FAILURE
Jan 24 00:35:00 test systemd[1]: onedriver.service: Failed with result 'exit-code'.

and here's the onedriver.service file as I've tried it.

      [Unit]
      Description=OneDriver
      After=network-online.target
      Wants=network-online.target

      [Service]
      ExecStart=/usr/bin/onedriver -c /var/onedriver-cache /var/onedrive
      ExecStopPost=/usr/bin/fusermount -uz /var/onedriver-cache
      Restart=on-abnormal
      RestartSec=3
      RestartForceExitStatus=2

      User=root
      Group=root

      [Install]
      WantedBy=default.target
      EOF

I don't know if it's failing because there's no GUI on this machine, or because of something else. Is what I'm doing logical? Feasible? Possible?

Also, could you implement a command line switch to go along with --no-browser so I can pass the URI on the command line, please?

Thanks for your thoughts. Geoff.

[jstaf]

I am 99% sure the errors you're seeing are because the FUSE kernel module doesn't allow root to mount the filesystem (and likewise access from other users). Check out man mount.fuse for more info.

Right now onedriver has to be an unprivilged user, and only that user can access the files on the filesystem. The user doesn't necessarily need to be logged in however- you can just sudo su - to that user, start the onedriver user service via systemd, and then exit out I think (systemd should keep things running even though the user has logged out).

However, the restriction to non-root users/only the user who mounted being able to access the files is relatively easy to change. Let me make allow_root and allow_other into command line options when setting up the mountpoint.

---

Also, could you implement a command line switch to go along with --no-browser so I can pass the URI on the command line, please?

Which URI are you talking about? The mountpoint? The authentication URL? I'm a little unclear on what you want for this one.

[ga2k]

Thanks for taking the time to answer. For my second question I was referring to the response token uri returned from Microsoft. If I could get the token up front, I could get my vm build script to input it at the appropriate time for a completely hands off install of vm, os, and one drive files.

For the first part, I’ll study what you’ve written and have a good think.

Cheers, Geoff.

Sent from my iPhone

On 24 Jan 2022, at 8:38 am, Jeff Stafford @.***> wrote:



I am 99% sure the errors you're seeing are because the FUSE kernel module doesn't allow root to mount the filesystem (and likewise access from other users). Check out man mount.fuse for more info.

Right now onedriver has to be an unprivilged user, and only that user can access the files on the filesystem. The user doesn't necessarily need to be logged in however- you can just sudo su - to that user, start the onedriver user service via systemd, and then exit out I think (systemd should keep things running even though the user has logged out).

However, the restriction to non-root users/only the user who mounted being able to access the files is relatively easy to change. Let me make allow_root and allow_other into command line options when setting up the mountpoint.

---

Also, could you implement a command line switch to go along with --no-browser so I can pass the URI on the command line, please?

Which URI are you talking about? The mountpoint? The authentication URL? I'm a little unclear on what you want for this one.

— Reply to this email directly, view it on GitHubhttps://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fjstaf%2Fonedriver%2Fissues%2F228%23issuecomment-1019582151&data=04%7C01%7C%7C825039e066f34aa1ea2f08d9dec11c10%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637785743267618687%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=5x3yQKia%2Bnak38rF5gUSjaWcMdn0yr%2BhQuMC5ehne38%3D&reserved=0, or unsubscribehttps://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAGDW5FMKAYFHUPK4ERIITADUXR7O3ANCNFSM5MTNZBQA&data=04%7C01%7C%7C825039e066f34aa1ea2f08d9dec11c10%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637785743267618687%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=GaaD%2BS0yfOlJ8TDJ%2BSa01ccB%2BCSGTbqTIIFPrPknS%2BQ%3D&reserved=0. Triage notifications on the go with GitHub Mobile for iOShttps://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fapp%2Fapple-store%2Fid1477376905%3Fct%3Dnotification-email%26mt%3D8%26pt%3D524675&data=04%7C01%7C%7C825039e066f34aa1ea2f08d9dec11c10%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637785743267618687%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=eiG6EE5QeAf4p2%2FsseHM8sFPqvEIOTBB0Qf1XZavDZw%3D&reserved=0 or Androidhttps://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.github.android%26referrer%3Dutm_campaign%253Dnotification-email%2526utm_medium%253Demail%2526utm_source%253Dgithub&data=04%7C01%7C%7C825039e066f34aa1ea2f08d9dec11c10%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637785743267618687%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=MtSBfVfcLHBEzDClshsf2diTXk1BCcmo%2Fpv2frAY3cY%3D&reserved=0. You are receiving this because you authored the thread.Message ID: @.***>

[jstaf]

Ah, yeah so for the token/URI w/ the auth code, it might not be that doable for automation. The auth codes have pretty short lifetimes (like a few minutes), so you can't really store an auth code or otherwise include it in a script. The URI is the auth code described in the authentication flow here (it's an intermediate step in the authentication workflow): https://docs.microsoft.com/en-us/graph/auth-v2-user#authorization-response

What you can probably do instead is just copy around the resulting auth_tokens.json file. This file remains valid for a longer period of time (it lasts weeks instead of just a few minutes and onedriver is allowed to renew the credentials contained within). This auth_tokens.json file will also eventually expire, but you can generate it up front from a different machine with onedriver -a and then copy that to the server (in your case, you'd copy it to /var/onedriver-cache/auth_tokens.json).

[prbuen]

options allow_root and allow_other to be passed on to mount.fuse would be great so that root can view (and search) the drive.

[D3XX3R]

Would love to be able to access the mount from other user. Can't access the mount from Docker

[noworrieseh]

Just a tip for those still stuck. I was able to work around this by using Unionfs with allow_other set on it. I can now access onedriver mount from docker.

[univeous]

Just a tip for those still stuck. I was able to work around this by using Unionfs with allow_other set on it. I can now access onedriver mount from docker.

Could you tell us how exactly you did that? I would very appreciate.