Hello!
In this time, I want to run an custom application as a service on my LINUX and want to run with specific user to follow some security policies. Can customize your actionable scripts with this if your are working on systemd related machines.
Need to be running Postfix service before the demonstration! So let me into demonstration about sending system shutdown and startup alert mail to system administrator. I intend this to let system admin know as a proof of machine power state in an incident.
Firstly, must have actionable script or application that you want to run. demo use mail command as a service. I have two scripts. one for system up and one or system down. startupmail.sh was as follow:
1
2
3
#!/bin/bash
DATE=$(date '+%Y-%m-%d %H:%M:%S')
$(mail -s "$HOSTNAME - System Start" [email protected] <<< "$HOSTNAME was started at $DATE")
shutdownmail.sh was as follow:
1
2
3
#!/bin/bash
DATE=$(date '+%Y-%m-%d %H:%M:%S')
$(mail -s "$HOSTNAME - System Shutdown" [email protected] <<< "$HOSTNAME was shutdown at $DATE"; sleep 5)
I put that files(startup.sh and shutdown.sh) under user home directory by making new directory.
Performer is mail4sysdown_n_up.service and should be located under /etc/systemd/system/ directory. It helps to run two actionable scripts as a service.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
[Unit]
Description=Send a mail on Boot and Shutdown Task
Requires=postfix.service
After=network-online.target postfix.service
[Service]
Type=oneshot
User= #scriptUser to run the scripts !root
RemainAfterExit=true
ExecStart=/opt/startupmail.sh
ExecStop=/opt/shutdownmail.sh
[Install]
WantedBy=multi-user.target
Steps to live this service:
1
2
3
4
5
6
$ sudo setfacl -m u:scirptUser:rwx /etc/systemd/system/mail4sysdown_n_up.service
$ sudo chown scirptUser:scriptUser startupmail.sh shtudownmail.sh
$ sudo chmod 755 startupmail.sh shtudownmail.sh
$ sudo systemctl start mail4sysdown_n_up.service
$ sudo systemctl enable mail4sysdown_n_up.service
I am not sure setting ACL under /etc directory is safe.