How to configure a systemd service in RHEL7 to run as a custom user or group
https://access.redhat.com/solutions/2295041
SOLUTION 已验证 - 已更新 2018年一月12日09:23 -
环境
- Red Hat Enterprise Linux 7
问题
- How can I configure a systemd service in Red Hat Enterprise Linux (RHEL) 7 to run as a custom user or group?
- How to run services in RHEL7 under a non-standard user?
- How to change user or group of systemd service unit?
决议
-
Create
/etc/systemd/system/<SERVICE>.service.d/
directory
Example:# mkdir -p /etc/systemd/system/tomcat.service.d
-
Create new
/etc/systemd/system/<SERVICE>.service.d/<NAME>.conf
file with the following format[Service] User=someuser Group=somegroup
Notes:
- The filename must end in
.conf
but is otherwise arbitrary -- examples:local.conf
,custom-user.conf
,99-user.conf
1 - Specify
User=<USER>
orGroup=<GROUP>
or both
- The filename must end in
-
Reload systemd manager configuration
# systemctl daemon-reload
-
Start/restart service
# systemctl restart <SERVICE>
Example
-
Make
foo.service
execute as the custom "fu" user and with "baz" group credentials:# mkdir -p /etc/systemd/system/foo.service.d # cat - >/etc/systemd/system/foo.service.d/99-custom.conf << END [Service] User=fu Group=baz END # systemctl daemon-reload # systemctl restart foo
-
If there are multiple drop-files, it might be important to recognize that files will be read in lexical order -- directives set in
z.conf
could override directives set ina.conf
. See "Overriding vendor settings" example at end ofsystemd.unit(5)
man page. ↩