Domoticz runs as root, and pid file for monit
Posted: Saturday 24 August 2019 11:49
by AllesVanZelf
If I do "top" I can see that Domoticz runs as root. I do not like that. I want it to run as pi.
Domoticz starts from /etc/init.d/domoticz.sh as described here:
wiki.
If I start it via /etc/systemd/system/domoticz.service with the User = pi variable, domoticz runs as pi. That's okay.
But via domoticz.service it is not possible to define a pid file, like /var/run/domoticz.pid. And this pid file I need for Monit monitoring as described in:
wiki
Is it possible to start and run domoticz as pi, instead of root with the init.d method? Or is it possible to define a pid file for domoticz via /etc/systemd?
Re: Domoticz runs as root, and pid file for monit
Posted: Monday 26 August 2019 22:31
by AllesVanZelf
I just found issue:
avoid running as root, actually use --chuid #3172
I tried to add: --chuid $USERNAME to the start-stop-daemon line, like:
Code:
start-stop-daemon --chuid $USERNAME --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
$DAEMON_ARGS \
|| return 2
But if I restart domoticz as:
I get a pid file error. The pid file is not created then. It should have been placed in: /var/run/domoticz.pid
Can anyone help me with this?
Re: Domoticz runs as root, and pid file for monit
Posted: Monday 26 August 2019 23:15
by waaren
AllesVanZelf wrote: ↑Monday 26 August 2019 22:31
... I get a pid file error. The pid file is not created then. It should have been placed in: /var/run/domoticz.pid
I don't use systemd for domoticz myself yet and still run domoticz as root (and yes, I know this is not the most secure way of doing it).
There are quite a few articles on this issue and they all point in more or less the same direction if you want your domoticz daemon executed by a non-root user.
The domoticz pid file should be created in its own directory: /var/run/domoticz/domoticz.pid
Your daemon user (pi?) should be given enough access to /var/run/domoticz/
Because /var/run/ is recreated on some systems at boot time, these 2 actions need to be repeated before every domoticz start.
Look here for a more detailed description with an example.
Last step for you would then be to change your monit config for the domoticz alive check to look at the domoticz.pid at the new location.
Re: Domoticz runs as root, and pid file for monit
Posted: Tuesday 27 August 2019 12:47
by AllesVanZelf
Hello Waaren,
Thank you for this answer. It is helping me a little bit further on this.
Systemd or init.d does not really matter to me, as long as I am able to run domoticz as a user. Pi indeed.
I chose systemd now, with domoticz.sh removed from /etc/init.d/
I created: /etc/systemd/system/domoticz.service with a lot of help from the internet:
Code:
[Unit]
Description=domoticz_service
After=network-online.target
[Service]
User=pi
Group=users
PermissionsStartOnly=true
WorkingDirectory=/home/pi/domoticz
ExecStartPre=/usr/bin/install -d -m 0700 -o pi -g users /var/run/domoticz
ExecStartPre=setcap 'cap_net_bind_service=+ep' /home/pi/domoticz/domoticz
ExecStart=/home/pi/domoticz/domoticz -www 8090 -sslwww 8095 -pidfile /var/run/domoticz/domoticz.pid
PIDFILE=/var/run/domoticz/domoticz.pid
Restart=on-failure
RestartSec=1m
#StandardOutput=null
[Install]
WantedBy=multi-user.target
Then domoticz runs as pi.
But there is no pid file made. This setting: "-pidfile /var/run/domoticz/domoticz.pid", I got from the domoticz.sh script. But that does not seem to work in this ExecStart command. Am I missing something?
Re: Domoticz runs as root, and pid file for monit
Posted: Tuesday 27 August 2019 14:39
by AllesVanZelf
Yes! I think I have it working.
I dropped systemd and tried init.d/domoticz.sh again.
Code:
mv /home/pi/domoticz/domoticz.sh /etc/init.d/domoticz.sh
rm -rf /etc/systemd/system/domoticz.service
chown root:root /etc/init.d/domoticz.sh
chmod +x /etc/init.d/domoticz.sh
added:
Code:
#make /var/run/domoticz directory for pi
/usr/bin/install -d -m 0700 -o pi -g users /var/run/domoticz &
to /etc/rc.local
edited: /etc/init.d/domoticz.sh
Code:
PIDFILE=/var/run/domoticz/$NAME.pid
removed the # from
Code:
DAEMON_ARGS="-daemon"
DAEMON_ARGS="$DAEMON_ARGS -daemonname $NAME -pidfile $PIDFILE"
added --chuid $USERNAME to the second start-stop-daemon line in /etc/init.d/domoticz.sh (around line 60):
Code:
start-stop-daemon --chuid $USERNAME --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --chuid $USERNAME --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
$DAEMON_ARGS \
|| return 2
top |grep domo
Code:
4242 pi 20 0 377068 64296 20324 S 0,3 6,8 0:46.15 domoticz
4242 pi 20 0 378092 64296 20324 S 4,9 6,8 0:46.30 domoticz
4242 pi 20 0 378092 64296 20324 S 3,6 6,8 0:46.41 domoticz
And monit as described in the wiki.
Everything seems to work well. Testing now.
Re: Domoticz runs as root, and pid file for monit
Posted: Sunday 22 December 2019 10:02
by tybreizh29
Hi,
for those who want it, here is the service file that creates the pid file:
[Unit]
Description=domoticz_service
After=network-online.target
[Service]
User=pi
Group=users
PermissionsStartOnly=true
WorkingDirectory=/home/pi/domoticz
ExecStartPre=/usr/bin/install -d -m 0755 -o pi -g users /var/run/domoticz
ExecStartPre=setcap 'cap_net_bind_service=+ep' /home/pi/domoticz/domoticz
ExecStart=/home/pi/domoticz/domoticz -www 8080 -sslwww 443 -daemon -pidfile /var/run/domoticz/domoticz.pid
PIDFile=/var/run/domoticz/domoticz.pid
Restart=on-failure
RestartSec=1m
#StandardOutput=null
[Install]
WantedBy=multi-user.target
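
The `top | grep` check and the Monit pid-file test discussed in this thread can be combined into one scripted check. The following is an added example, not part of any post: it confirms that the pid file points at a live process, that the process is really domoticz and not a reused pid, and that its effective uid is the intended non-root user. The function name `check_daemon` and its return codes are invented for this example, and it assumes a Linux `/proc`; the effective uid is read from `/proc/<pid>/status` because the owner of `/proc/<pid>` can show as root for a binary that gained file capabilities via `setcap`.

```sh
#!/bin/sh
# Added example (not from the thread): validate a daemon via its pid file.
# Return codes (chosen for this example):
#   0 ok            1 pid file missing or not a number
#   2 stale pid     3 pid belongs to another program
#   4 wrong uid (for instance the daemon is still running as root)
check_daemon() {
    pidfile=$1; want_comm=$2; want_uid=$3

    [ -r "$pidfile" ] || return 1
    pid=$(tr -d ' \n' < "$pidfile")
    case $pid in
        ''|*[!0-9]*) return 1 ;;    # empty or non-numeric content
    esac

    # /proc/<pid> disappears as soon as the process exits
    [ -d "/proc/$pid" ] || return 2

    # A bare "pid exists" test is fooled by pid reuse, so compare the name too
    comm=$(cat "/proc/$pid/comm" 2>/dev/null) || return 2
    [ "$comm" = "$want_comm" ] || return 3

    # "Uid:" line holds real, effective, saved and fs uid; field 3 is effective
    uid=$(awk '/^Uid:/ {print $3}' "/proc/$pid/status" 2>/dev/null) || return 2
    [ "$uid" = "$want_uid" ] || return 4
    return 0
}

# Usage with the path and user posted in the thread:
#   check_daemon /var/run/domoticz/domoticz.pid domoticz "$(id -u pi)"
```
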