Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(service): explicitly set user in systemd definition #11066

Merged
merged 1 commit into from
Jun 26, 2023
Merged

fix(service): explicitly set user in systemd definition #11066

merged 1 commit into from
Jun 26, 2023

Conversation

hanshuebner
Copy link
Contributor

@hanshuebner hanshuebner commented Jun 14, 2023
edited
Loading

Summary

Previously, no User clause was present in the systemd unit definition for Kong. While this still made systemd run kong under the 'root' user id, the HOME environment variable would not be set in the Kong process. This caused the datafile library to fail with various error conditions. This really is an EE-only issue at this point, but providing Kong a complete run environment with all standard environment variables is prudent for CE as well.

Checklist

Issue reference

KAG-1832

@hanshuebner
fix(service): explicitly set user in systemd definition
a928442 
Previously, no User clause was present.  While this still made systemd
run kong under the 'root' user id, the HOME environment variable would
not be set in the Kong process.  This caused the datafile library to
fail with various error conditions.
@hanshuebner hanshuebner force-pushed the fix/kag-1832-systemd-service-user branch from d39e66e to a928442 Compare June 14, 2023 09:29
@hanshuebner hanshuebner marked this pull request as ready for review June 14, 2023 09:29
@bungle
Copy link
Member

bungle commented Jun 20, 2023

@fffonion could you take a look at this too? You probably have more context? E.g. what if someone wants to run this with other user? Ever a case? Is there anything implicit about it?

@bungle bungle requested a review from fffonion June 20, 2023 08:35
@fffonion
Copy link
Contributor

I think when User= is omitted, systemd uses root by default (ref: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#User=) @hanshuebner could you explain more context on why does this change fix the datafile issue?

@hanshuebner
Copy link
Contributor Author

I think when User= is omitted, systemd uses root by default (ref: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#User=) @hanshuebner could you explain more context on why does this change fix the datafile issue?

When User= is omitted, the process is indeed run as root, but having a User= specification causes the user environment to be initialized, and in particular the HOME directory was assumed to be set by datafile and absence caused versions older than 0.10 to fail silently. This PR is really just a safeguard to make sure that we always have a valid HOME environment variable. I tried to find documentation or sourcecode evidence of the behavior of systemd, but eventually gave up.

@hanshuebner hanshuebner merged commit 96eb92f into master Jun 26, 2023
@hanshuebner hanshuebner deleted the fix/kag-1832-systemd-service-user branch June 26, 2023 12:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bungle bungle bungle approved these changes

@fffonion fffonion Awaiting requested review from fffonion

Assignees

@hanshuebner hanshuebner

Labels
build/bazel changelog size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hanshuebner @bungle @fffonion