mtkennerly / shawl

Windows service wrapper for arbitrary commands
MIT License
518 stars 15 forks source link

Shawl

Shawl is a wrapper for running arbitrary programs as Windows services, written in Rust. It handles the Windows service API for you so that your program only needs to respond to ctrl-C/SIGINT. If you're creating a project that needs to run as a service, simply bundle Shawl with your project, set it as the entry point, and pass the command to run via CLI.

Installation

Usage

Here is an example of creating a service wrapped with Shawl (note that -- separates Shawl's own options from the command that you'd like it to run):

Shawl will inspect the state of your program in order to report the correct status to Windows:

CLI

You can view the full command line help text in docs/cli.md.

Logging

Shawl creates a log file for each service, shawl_for_<service>_*.log (based on the --name), in the same location as the Shawl executable, with both its own messages and the output from the commands that it runs. If anything goes wrong, you can read the log to find out more. You can disable all logging with --no-log, and you can disable just the command logs with --no-log-cmd. By default, each log file is limited to 2 MB, and up to 2 rotated copies will be retained.

Accounts

Bear in mind that the default account for new services is the Local System account, which has a different PATH environment variable than your user account. If you configure Shawl to run a command like npm start, that means npm needs to be in the Local System account's PATH, or you could also change the account used by the service instead.

Also note that running a service with a Local System account is as dangerous as running a Unix service as root. This greatly increases the risk of your system being hacked if you expose a port to the public for the service you are going to wrap. It is recommended that you use a restricted account, such as Network Service, to run services. To do this, first grant the Network Service account read, write, and execute permissions on Shawl's installation directory, and then execute sc config my-app obj= "NT AUTHORITY\Network Service" password= "". If the service needs to read and write files, you may also need to grant the Network Service permissions to the directory that the service wants to access. More information about Windows service user accounts can be found here.

Recovery

If you want to use the service recovery feature of Windows itself when Shawl gives up trying to restart the wrapped command, then make sure to turn on the "enable actions for stops with errors" option in the service properties.

Comparison with other tools

Shawl differs from existing solutions like WinSW and NSSM in that they require running a special install command to prepare the service. That can be inconvenient in cases like installing a service via an MSI, where you would need to run a CustomAction. With Shawl, you can configure the service however you want, such as with the normal MSI ServiceInstall or by running sc create, because Shawl doesn't have any special setup of its own. The shawl add command is just an optional convenience.

Development

Please refer to CONTRIBUTING.md.