User input during a systemctl/service call for CentOS?

0
votes

Lets say I have a service (like rsyslog) that when I stop it, I want to log the reasoning behind someone shutting it down. Expressing this simply would be

systemctl start rsyslog
systemctl stop rsyslog

(Begin the prompt as to why a user is doing this after shutting down rsyslog)

#!/bin/bash
    echo "you are shutting down the syslog service. Please state your name and reason."
    read -p "[name?]" name && read -p "[reason?]" reason 
    logger $name:$reason

Modifying the Unit Files (located in /usr/lib/systemd/system/rsyslog.service), to include an ExecStop of the path to the script, I am able to run the above script. I know that the script is working as checking the log messages shows a :, the nonvariable portion that was passed to logger.

I need to be able to have this script operate like said shell script the instant someone attempts to shutdown the logging service. This means that echo commands are shown on the terminal and variables can be recorded using the read command.

This may be similar to this persons question, but I can not understand it.

1
linuxcentosuser-inputsystemd
I'm voting to close this question as off-topic because it does not relate directly to programming. It belongs on the Unix and Linux StackExchange site, where it is a dupe of unix.stackexchange.com/questions/77769/… The question is really about systemd, not so much the OS, and both Arch and CentOS use systemd.Mark Stosberg
@MarkStosberg : Forgive me. I am looking for a way to make an executable interactable when using systemd. Documentation states that you should not, (section 8.6.2, step 1) and im looking for ways to circumvent that.Jouster500
First, you can disable root access for users that you don't trust (change the password and don't give it out). Instead, allow sudo for a limited set of actions that admins are allowed to do, which may or may not include stop'ing syslog. sudo logs the commands run by it. Second, you could monitor if rsyslog is running. If it's not, notify someone immediately. They can then check the sudo logs. systemd (and other init systems) aren't intended for interactive use while stopping/starting, and I don't recommend that use either.Mark Stosberg
@MarkStosberg : Why not? It should be an acceptable thing to do.Jouster500
Alright i got the answer. Give me some time to formulate itJouster500

1 Answers

2
votes

Thanks to Mark Stosberg for sharing information about the systemd-ask-password command that takes user input during a systemctl call.

For those unaware, the systemd-ask-password command is a password prompt that's available for all machines sponsoring the systemd service. A unique feature of this command is the fact it can allow for user input during a systemctl/service call. Knowing this, one can prompt for as much data as they like which integrates perfectly into standard bash scripts, allowing for the interaction that may or may not be needed during a call.

Here is an example script:

#!/bin/bash
date=$(/bin/date)
echo "Rsyslog has been turned off at $date. Below is the name and reason"
name=`systemd-ask-password --echo --no-tty "name:"`
reason=`systemd-ask-password --echo --no-tty "reason for shutting down rsyslog:"`
echo LOG:$name:$reason:ENDLOG >>/var/log/messages

You must make sure that when initializing any of your services you make changes to the unit files located in /usr/lib/systemd/system/ with an ExecStart, ExecStop, and so forth under the [Service] tag to equal the path to your scripts. You can find what other options you can here as well as some syntax, and tie in with the unit file as needed.