Missing user/group in systemd unit files

[racke]

The Sympa daemons all running as user sympa eventually. So why don't we use something like the following in the service sections of the systemd unit files?

RuntimeDirectory=sympa
WorkingDirectory=/home/sympa
User=sympa
Group=sympa
PIDFile=/run/sympa/sympa.pid

[ikedas]

RuntimeDirectory looks useful. Currently it is created using tmpfiles.d(5) configuration.

If Systemd could do the other things, Sympa may not manage them.

Currently, daemons of Sympa do these things by themselves:

1. chdir to home directory.
2. Detach console.
3. Set a new process group and become adopted by init(8).
4. Create/update/remove a PID file.
5. Redirect stderr.
6. setuid sympa user.
7. Set umask.

Besides, how can we manage them by external mechanism on the other platforms than Systemd?

[racke]

Systemd can manage the other things for sure. For other platforms (FreeBSD) we can use a supervisor like runit. I am going to test how Sympa behaves if started as sympa user.

[racke]

Sympa also checks whether all needed files and directories are present.

Jun 04 17:14:03 buster-test-box sympa/health_check[2412]: err main::#250 > Conf::checkfiles_as_root#613 Failed to create aliases file /etc/mail/sympa_aliases
Jun 04 17:14:03 buster-test-box sympa.pl[2412]: Missing files.

Errors can be prevented by making sure that these files exists.

[ikedas]

Systemd can manage the other things for sure. For other platforms (FreeBSD) we can use a supervisor like runit. I am going to test how Sympa behaves if started as sympa user.

On macOS, launchd looks doing similar.

[racke]

Got all daemons started as sympa user, so it looks promising.