Bug ID | 966223 |
---|---|
Summary | Permission denied if run as systemd service |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.1 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Basesystem |
Assignee | bnc-team-screening@forge.provo.novell.com |
Reporter | fvogt@suse.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Running openQA on Leap 42.1.
openqa workers are started with the following service file:
> [Unit]
> Description=openQA Worker #%i
> Wants=apache2.service openqa-webui.service network.target
> After=apache2.service openqa-webui.service network.target openqa-slirpvde.service
> PartOf=openqa-worker.target
>
> [Service]
> Type=simple
> PermissionsStartOnly=True
> ExecStartPre=/usr/bin/install -d -m 0755 -o %u /var/lib/openqa/pool/%i
> ExecStart=/usr/share/openqa/script/worker --instance %i
> User=_openqa-worker
> KillMode=mixed
>
> [Install]
> WantedBy=multi-user.target
So the perl script is started as _openqa-worker user.
This works fine for normal use, but if networking (VDE or OVS) is enabled, it
causes various permission denied errors.
Currently it's failing when trying to execute a binary (vdecmd/unixcmd), for no
apparent reason. Before that it failed when accessing tapX IFs.
As those didn't make any sense (Owner of the files/taps was _openqa-worker) I
tried starting the workers manually with "sudo -u _openqa-worker", which works
just fine.
Is this a configuration issue (what's the difference between
"User=_openqa-worker" and "sudo -u _openqa-worker"?) or a genuine bug?