Starting with systemd only works as root

wayne.workman

Hi,

I have a perfectly healthy installation of nodeBB at home on Debian9, works great if I start it with ./nodebb start but I'm trying to get systemd to start it.

I've found this: https://docs.nodebb.org/configuring/running/ which was a big step in the right direction.

My nodebb directory is here: /root/nodebb
and I've made a user called nodebb

This .service file works:

[Unit]
Description=NodeBB
Documentation=https://docs.nodebb.org
After=system.slice multi-user.target mongod.service

[Service]
Type=forking
User=root

StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=nodebb

WorkingDirectory=/root/nodebb
ExecStart=/usr/bin/env node loader.js
Restart=always

[Install]
WantedBy=multi-user.target

When I change the user from root to nodebb, and do a systemctl daemon-reload (or a reboot), and then try to start the service, it fails. These are the errors that appear in the system journal:

-- Unit nodebb.service has begun starting up.
Feb 25 18:55:34 debian nodebb[854]: internal/modules/cjs/loader.js:583
Feb 25 18:55:34 debian nodebb[854]:     throw err;
Feb 25 18:55:34 debian nodebb[854]:     ^
Feb 25 18:55:34 debian nodebb[854]: Error: Cannot find module '/root/nodebb/loader.js'
Feb 25 18:55:34 debian nodebb[854]:     at Function.Module._resolveFilename (internal/modules/cjs/loader.js:581:15)
Feb 25 18:55:34 debian nodebb[854]:     at Function.Module._load (internal/modules/cjs/loader.js:507:25)
Feb 25 18:55:34 debian nodebb[854]:     at Function.Module.runMain (internal/modules/cjs/loader.js:742:12)
Feb 25 18:55:34 debian nodebb[854]:     at startup (internal/bootstrap/node.js:283:19)
Feb 25 18:55:34 debian nodebb[854]:     at bootstrapNodeJSCore (internal/bootstrap/node.js:743:3)
Feb 25 18:55:34 debian systemd[1]: nodebb.service: Control process exited, code=exited status=1
Feb 25 18:55:34 debian systemd[1]: Failed to start NodeBB.
-- Subject: Unit nodebb.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- Unit nodebb.service has failed.
-- 
-- The result is failed.
Feb 25 18:55:34 debian systemd[1]: nodebb.service: Unit entered failed state.
Feb 25 18:55:34 debian systemd[1]: nodebb.service: Failed with result 'exit-code'.
Feb 25 18:55:35 debian systemd[1]: nodebb.service: Service hold-off time over, scheduling restart.
Feb 25 18:55:35 debian systemd[1]: Stopped NodeBB.
-- Subject: Unit nodebb.service has finished shutting down
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- Unit nodebb.service has finished shutting down.
Feb 25 18:55:35 debian systemd[1]: nodebb.service: Start request repeated too quickly.
Feb 25 18:55:35 debian systemd[1]: Failed to start NodeBB.
-- Subject: Unit nodebb.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- Unit nodebb.service has failed.

I've ensured that the nodebb user owns the /root/nodebb directory with
chown -R nodebb:nodebb /root/nodebb

Any ideas?

julian

Regular user cannot own /root... probably. Either way it's probably a bad idea to do it that way.

Reinstall nodebb under the /home/nodebb, and run it as the nodebb user.

julian

... oh yeah, and then chown -R root:root /root to fix the incorrect permissions for that folder too.

doekia

Here is a working .service, but I concur with @julian, do not put your nodebb inside the /root folder. Pretty good chance it will ruin your security at some point.

[Unit]
Description=NodeBB
Documentation=https://docs.nodebb.org
After=system.slice multi-user.target mongod.service

[Service]
Type=simple
User=nodebb

StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=nodebb

WorkingDirectory=/var/www/nodebb/NodeBB/
ExecStart=/usr/bin/env node loader.js --no-silent --no-daemon
Restart=always

[Install]
WantedBy=multi-user.target

scottalanmiller

@wayne-workman said in Starting with systemd only works as root:

My nodebb directory is here: /root/nodebb

This is the private home directory for the root user. It's sole purpose is to lock things down to root. Use /opt for system level software.

julian

@scottalanmiller I always wondered... Is it an anti pattern to change ownership of folders in /opt to specific users? I always assumed everything in there was supposed to be owned by root too

scottalanmiller

@julian said in Starting with systemd only works as root:

@scottalanmiller I always wondered... Is it an anti pattern to change ownership of folders in /opt to specific users? I always assumed everything in there was supposed to be owned by root too

/opt is definitely open to "user owned" files. We assume that it will be "service users" rather than end users. So users like apache, nodebb, etc.

You would treat /opt exactly the same as you would treat /var/www/html which "always" uses a service user for file ownership.

The Worms

@scottalanmiller said in Starting with systemd only works as root:

@wayne-workman said in Starting with systemd only works as root:

My nodebb directory is here: /root/nodebb

This is the private home directory for the root user. It's sole purpose is to lock things down to root. Use /opt for system level software.

or /srv

julian

... ahh, Linux

While you're here why don't you symlink /usr/bin/nodebb to /opt/nodebb/nodebb?

scottalanmiller

@The-Worms said in Starting with systemd only works as root:

@scottalanmiller said in Starting with systemd only works as root:

@wayne-workman said in Starting with systemd only works as root:

My nodebb directory is here: /root/nodebb

This is the private home directory for the root user. It's sole purpose is to lock things down to root. Use /opt for system level software.

or /srv

That works, too. But is non-standard. I prefer /opt because of 50 years of where we expect the software to go.

But I use /srv sometimes, too.

wayne.workman

I did get this working.
I moved the nodebb working directory to /home/nodebb/nodebb and changed ownership of that to nodebb:nodebb, now it starts up on boot as the nodebb user just fine.

Thank you all very much for the help.