bash 在 systemd 服务中使用用户的 .bashrc
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/49764993/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using a user's .bashrc in a systemd service
提问by Charles Duffy
I am using systemd service for my script I need to set environment vaules from a home/user/.bashrc
我正在为我的脚本使用 systemd 服务我需要从 home/user/.bashrc 设置环境值
source /home/user/.bashrcnot works in script and systemd seed don't support sourcing function.
Help me
source /home/user/.bashrc不适用于脚本和 systemd 种子不支持采购功能。帮我
回答by Charles Duffy
If you must...
如果你必须...
Instead of trying to generate an EnvironmentFile, have a shell execute your startup scripts and thenexecute your command. This avoids steps that can introduce a mismatch (as between how envstores your environment, and how the systemd EnvironmentFileoption loads it).
与其尝试生成 EnvironmentFile,不如让 shell 执行您的启动脚本,然后执行您的命令。这避免了可能引入不匹配的步骤(例如在如何env存储环境和 systemdEnvironmentFile选项如何加载它之间)。
To source your target user's startup scripts:
要获取目标用户的启动脚本:
[Service]
Type=simple
User=user
Group=user
ExecStart=/bin/bash -l -c 'exec "$@"' _ your-command arg1 arg2 ...
To source an arbitrary file:
要获取任意文件:
Here, instead of using bash -lto run a login shell, we explicitly source $0, and pass /home/user/.bashrcin that position.
在这里,我们没有使用bash -l来运行登录 shell,而是显式地 source$0并传入/home/user/.bashrc该位置。
[Service]
Type=simple
User=user
Group=user
ExecStart=/bin/bash -c '. "##代码##" && exec "$@"' /home/user/.bashrc your-command arg1 arg2 ...
But Don't. Really.
但不要。真的。
.bashrcfiles are generally intended for setting up interactive environments. This means that their settings are often not appropriate for services.- Building a separate
EnvironmentFilethat you hand-audit for your service means you know exactlywhat the service is running with, and can configure it separately from the interactive environment. Ifyou've hand-audited that EnvironmentFile to have the same meaning when executed by a shell, you could also runset -a; source /path/to/your-environment-file; set +ain your.bashrcto pull its environment variables in. - From a security perspective, it's generally unwise to let a service modify any executable code it runs -- providing such permissions means that an attacker who has breached a service can make their breach persistent even without any secondary privilege escalation attacks. Using an
EnvironmentFilein a non-user-writable location like/etc/conf.dis thus safer than a dotfile under that user's home directory.
.bashrc文件通常用于设置交互式环境。这意味着它们的设置通常不适用于服务。EnvironmentFile为您的服务构建一个单独的手动审计意味着您确切地知道服务正在运行什么,并且可以从交互环境中单独配置它。如果您已经手动审核了该 EnvironmentFile 在由 shell 执行时具有相同的含义,您还可以set -a; source /path/to/your-environment-file; set +a在您.bashrc的环境中运行以提取其环境变量。- 从安全角度来看,让服务修改它运行的任何可执行代码通常是不明智的——提供这样的权限意味着破坏服务的攻击者即使没有任何二次提权攻击也可以使他们的破坏持续存在。因此,
EnvironmentFile在非用户可写的位置使用 an/etc/conf.d比在该用户的主目录下使用 dotfile 更安全。
