I'm trying to set up watchman as a user service.
I've followed their documentation as closely as possible. This is what I have:
The socket file:
[Unit]
Description=Watchman socket for user %i
[Socket]
ListenStream=/usr/local/var/run/watchman/%i-state/sock
Accept=false
SocketMode=0664
SocketUser=%i
SocketGroup=%i
[Install]
WantedBy=sockets.target
The service file:
[Unit]
Description=Watchman for user %i
After=remote-fs.target
Conflicts=shutdown.target
[Service]
ExecStart=/usr/local/bin/watchman --foreground --inetd --log-level=2
ExecStop=/usr/bin/pkill -u %i -x watchman
Restart=on-failure
User=%i
Group=%i
StandardInput=socket
StandardOutput=syslog
SyslogIdentifier=watchman-%i
[Install]
WantedBy=multi-user.target
Systemd attempts to run watchman but is stuck in a restart loop.
These are the errors I get:
Apr 16 05:41:00 debian systemd[20894]: watchman@user.service: Failed to determine supplementary groups: Operation not permitted
Apr 16 05:41:00 debian systemd[20894]: watchman@user.service: Failed at step GROUP spawning /usr/local/bin/watchman: Operation not permitted
I'm 100% sure the group and user I'm enabling this service & socket for exist.
What am I doing wrong?
Best Answer
I was running into the same issue. Googling, I found this thread: https://bbs.archlinux.org/viewtopic.php?id=233035
The problem is with how the service is being started. If you specify the user/group in the unit file then you should start the service as a system service.
If you want to start the service as a user service then the User/Group is not needed and can be removed from the unit config. You simply start the service when logged in as the current user passing the --user flag to systemctl.
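The user-service variant described in the answer above, as an added example that is not part of the original answer or the watchman documentation. It shows two files in one block and assumes non-template units named watchman.socket and watchman.service under ~/.config/systemd/user/, with %u in place of %i, and a state directory the user can already write to.

```ini
# ~/.config/systemd/user/watchman.socket  (assumed location and unit name)
[Unit]
Description=Watchman socket for user %u

[Socket]
# %u expands to the user running this service manager; %i is empty in a
# non-template unit, so it is replaced throughout.
ListenStream=/usr/local/var/run/watchman/%u-state/sock
Accept=false
SocketMode=0664
# SocketUser=/SocketGroup= removed: the user manager creates the socket as
# the calling user already.

[Install]
WantedBy=sockets.target

# ~/.config/systemd/user/watchman.service  (assumed location and unit name)
[Unit]
Description=Watchman for user %u
Conflicts=shutdown.target
# After=remote-fs.target removed: it is a system-manager target.

[Service]
ExecStart=/usr/local/bin/watchman --foreground --inetd --log-level=2
ExecStop=/usr/bin/pkill -u %u -x watchman
Restart=on-failure
# User=/Group= removed: the per-user manager is unprivileged and cannot
# change user or supplementary groups, which is what fails at step GROUP
# with "Operation not permitted". The process already runs as the caller.
StandardInput=socket
StandardOutput=syslog
SyslogIdentifier=watchman-%u
# No [Install] section: the socket unit starts this service on first
# connection, and multi-user.target is not started by the user manager.

# Run as the target user, without sudo:
#   systemctl --user daemon-reload
#   systemctl --user enable --now watchman.socket
```

The other route the answer mentions keeps User=/Group= and the %i template, installs the units under /etc/systemd/system/, and starts them with plain systemctl as root.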