eatingthenight n00b
Joined: 28 Apr 2018 Posts: 10
|
Posted: Sun May 13, 2018 5:00 pm Post subject: [Solved] Passing env variable to command run by openrc |
|
|
Hello, I feel like this should be a fairly easy thing to do, but I have been unable to find anything on it except this https://forums.gentoo.org/viewtopic-t-881495-start-0.html which I believe only solves using an environment variable in the openrc script itself, not the command that the script is running.
I have tried a few things to pass a command to the process.
First I tried just hacking up the command section to look like this
Code: | command="SSH_AUTH_SOCK=/tmp/some.sock; /usr/bin/command" |
This fails since it thinks SSH_AUTH_SOCK is part of the command. Next I tried using the --env flag that start_stop_daemon_args has but still this was not passing the environment to the process.
Systemd has an Environment="SSH_AUTH_SOCK=/tmp/something.sock" that I am looking to replicate.
Thanks for any help. I'm guessing I missed something simple.
Last edited by eatingthenight on Sun May 13, 2018 6:05 pm; edited 1 time in total |
eatingthenight n00b
Joined: 28 Apr 2018 Posts: 10
|
Posted: Sun May 13, 2018 5:30 pm Post subject: |
|
|
I possibly have some other issue in the actual program I am trying to run. I did a test that just used /bin/env for the command and I can see that the environment variable is indeed being set and coming through. |
mv Watchman
Joined: 20 Apr 2005 Posts: 6780
|
Posted: Sun May 13, 2018 5:45 pm Post subject: Re: Passing environment variable to command run by openrc |
|
|
It is unclear what you want to achieve.
If you want to pass an environment variable to the init-script you are out of luck.
But if you just want to set the environment variable within the script to a fixed value, you can just do it with standard shell code.
Quote: | Code: | command="SSH_AUTH_SOCK=/tmp/some.sock; /usr/bin/command" |
|
I conjecture that the commands
Code: | SSH_AUTH_SOCK=/tmp/some.sock
export SSH_AUTH_SOCK
command=/usr/bin/command |
do what you intend to. (However, note that using a predictable filename in a world-writable directory like /tmp might be dangerous. You probably want this in a subdirectory of /run which you first create with tmpfiles.d) |
eatingthenight n00b
Joined: 28 Apr 2018 Posts: 10
|
Posted: Sun May 13, 2018 6:04 pm Post subject: |
|
|
Sorry about the lack of clarity; you are correct that I do just want to set the environment variable. Your method, as well as my original one with passing --env to start-stop-daemon, both work; however, I was doing something silly. In my /etc/conf.d/myservice file I was trying to create a tmpfile and was doing so using SSH_AUTH_SOCK="$(tmpfile -d)/auth.sock", which you might already see as being foolish. But I wasn't thinking, and this was creating a file with perms of root:root, and then I was running my service as nobody:nobody, causing it to crash when it went to access the file.
I didn't know about the tmpfiles.d directory and am looking into it right now as I wasn't a big fan of placing this in /tmp as well.
Thanks for the help! |
mv Watchman
Joined: 20 Apr 2005 Posts: 6780
|
Posted: Mon May 14, 2018 6:33 am Post subject: |
|
|
eatingthenight wrote: | SSH_AUTH_SOCK="$(tmpfile -d)/auth.sock" |
You can do this if you explicitly use a start() function in which you do this. (Otherwise a new tempdir is created whenever the service file is sourced, e.g. even if you just look at the status of the service). Within the start function you can change permissions later on:
Code: | SOCKETDIR=$(mktemp -d /tmp/ssh.XXXXXXXX)
chown nobody:nobody "$SOCKETDIR"
SSH_AUTH_SOCK=$SOCKETDIR/auth.sock |
In addition, you might want to store $SOCKETDIR in some file (e.g. on /run) so that you can remove the directory in the stop() function.
But it might be more useful to keep the socketdir permanently (and with a fixed instead of a randomized name) on /run. You can do this by e.g.
/etc/tmpfiles.d/SERVICE.conf wrote: | d /run/SERVICE 700 nobody nobody - |
/etc/init.d/SERVICE wrote: | export SSH_AUTH_SOCK=/run/SERVICE/auth.sock
export SSH_AUTH_SOCK
command=... |
(of course, SERVICE should be replaced everywhere by a name of your choice; the same name throughout).
The name tmpfiles.d is misleading here, since it actually means a permanent directory. (Well, permanent until the next restart of the system).
Theoretically, you could avoid tmpfiles.d and create the directory and set its permissions in start(), but this duplicates efforts for similar services, costs unnecessary runtime and might in some cases even be less secure since it might come too late (e.g. if you start the service much later than starting the system). (In the current setting, there is no such danger since /run can be only modified by root.) |
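
The ownership failure and the world-writable-directory concern discussed in this thread can be checked before the daemon starts. The following is an added example, not code from any post above: `check_sockdir` and `demo` are hypothetical names, the function takes a numeric uid (for example `$(id -u nobody)`), and it assumes a `stat` that supports `-c` (GNU coreutils or busybox).

```shell
#!/bin/sh
# check_sockdir DIR UID
# Returns 0 if DIR is acceptable for holding the service's socket, otherwise:
#   1 = missing, not a directory, or a symlink
#   2 = not owned by UID (the root:root vs nobody:nobody case in the thread)
#   3 = writable by group or others
check_sockdir() {
    dir=$1 want_uid=$2
    # Refuse symlinks so the check applies to the path actually named.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        return 1
    fi
    # %u = numeric owner, %a = permission bits in octal
    meta=$(stat -c '%u %a' "$dir") || return 1
    owner=${meta% *}
    mode=${meta#* }
    [ "$owner" = "$want_uid" ] || return 2
    # A leading 0 makes the shell read the mode as octal; 022 = group/other write.
    [ $(( 0$mode & 022 )) -eq 0 ] || return 3
    return 0
}

# Constructed demonstration: mktemp -d creates a mode-700 directory owned by
# the caller, so checking it against any other uid is rejected with status 2.
demo() {
    d=$(mktemp -d) || return 1
    demo_rc=0
    check_sockdir "$d" "$(( $(id -u) + 1 ))" || demo_rc=$?
    rmdir "$d"
    return "$demo_rc"
}

demo || echo "socket directory rejected, status $?"
```

In an init script the function could be called from start_pre(), for example `check_sockdir /run/SERVICE "$(id -u nobody)" || return 1`.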