46

I have a service in the form of a node.js application set up with Systemd on Raspbian Jessie and it is using its own user account. However, I am finding that the service does not run correctly because it does not have the necessary permissions. One of the node modules I installed requires root access. If I run the application manually with sudo everything works fine.

Is there a way to tell systemd to run the service with sudo?

Luke
  • 507
  • 1
  • 5
  • 11
  • 3
    How does your unit file looks like, add it to your question? Normally `systemd` runs the unit files with root rights. – Thomas Oct 02 '16 at 11:57

4 Answers4

52

tell systemd to run the service with sudo?

sudo has nothing to with it.

Typically you instruct systemd to run a service as a specific user/group with a User= and Group= directive in the [Service] section of the unit file.

Set those to root (or remove them, as running as root is the default).

HBruijn
  • 72,524
  • 21
  • 127
  • 192
36

To clear, systemd system services run as root by default, but there is still a difference between the default behavior and running a system service with User=root.

As documented in Environment variables in spawned processes, these variables are only set if User= is set:

$USER, $LOGNAME, $HOME, $SHELL

I tested to confirm this finding. So if you want to run a systemd service as root that needs one of the above variables, you need to set User=root.

Mark Stosberg
  • 3,771
  • 23
  • 27
3

a temporary solution, but got it to work in a pinch:

/usr/bin/sudo /bin/bash -lc 'bundle exec rails server -e demo -p 80'

Can run with a user who has sudo privileges in a systemd unit file like so:

[Unit]
Description=Rails Webserver
After=syslog.target

[Service]
Type=simple
User=ubuntu
WorkingDirectory=/var/www/webserver
ExecStart=/usr/bin/sudo /bin/bash -lc 'bundle exec rails server -e demo -p 80'
Restart=always
KillSignal=SIGQUIT

[Install]
WantedBy=multi-user.target
daino3
  • 199
  • 1
  • 6
  • This has multiple issues: First, the first two answers explain why using a user and then sudo is unnecessary, and show the right way to do it. Second, you shouldn't be running your webapp as root anyway. Third, your web app should be behind a normal web server such as nginx. – Michael Hampton Oct 25 '18 at 02:45
  • I won't disagree with you on any of your points. But if someone, like myself, wanted a bare-bones, as-fast-as-you-can standup of a server, this is a viable option that works. – daino3 Oct 25 '18 at 02:47
  • Almost as fast as you can. Obviously using `sudo` will slow down startup a bit. And it's unnecessary. – Michael Hampton Oct 25 '18 at 02:48
  • @MichaelHampton I'm trying to write a backdoor, so I've found this answer to be helpful! – Soutzikevich Dec 03 '19 at 22:48
  • @daino no, using sudo has no defence, It is not necessary. It IS run as root by default. – RichieHH Feb 21 '20 at 20:22
1

Run it as a system user in this case by default the service is running as root.

Umut
  • 411
  • 3
  • 3