cross-posted from: https://reddthat.com/post/21668140

I have a VPN daemon that needs to run before the client will work. Normally, this would have been set up automatically by its install script, but the system is immutable.

I’ve created the systemd service via sysyemctl edit --force --full daemon.service with the following parameters:

[Unit] 
Description=Blah
After=network-online.target

[Service]
User=root
Group=root
ExecStart=/usr/bin/env /path/to/daemon

[Install]
WantedBy=multi-user.target

I’ve verified that the daemon is actually executable, and it runs fine when I manually call it via sudo daemon. When I try to run it with sudo systemctl enable --now daemon.service, it exits with error code 126.

What am I missing?

Edit: Typo, and added the relevant user and group to the Service section. Still throwing a 126.

Solution: the system wanted /usr/bin/env in ExecStart to launch the binary. The .service file above has been edited to show the working solution.

  • @[email protected]English
    35 months ago

    If that is your full .service file you are missing the directive to tell the daemon what user to run under. Under service try adding

    User=root

    Group=root

    Before the ExecStart command line.

    • RustmilianEnglish
      45 months ago

      On that, make sure it’s in the root systemd path. Something like /etc/systemd/system/blah.service, placing it in the user systemd service path (~/.config/systemd/user/) will cause permission errors as it’ll try accessing the root user from the current user.

      • @[email protected]OPEnglish
        25 months ago

        Thanks, I verified that it’s in the correct place. Still throwing a 126 (see the modifications in the edit).

        • RustmilianEnglish
          15 months ago

          What’s the specific VPN service? I’ll check their docs.

            • RustmilianEnglish
              15 months ago

              I assume so, but just to be sure, have you run sudo systemctl enable blah.service then reboot? It’ll symbolic link to the systemd auto start service and run it at boot.
              Also, make sure everything is marked as executable; especially whatever you have “/path/to/daemon” set as. sudo chmod +x /path/to/daemon
              Restart the service or reboot then :
              sudo systemctl status blah.service

              • @[email protected]OPEnglish
                25 months ago

                Yep, more specifically I tried sudo systemctl enable --now daemon.service. Gives the same error, and maybe that’s because it’s some kind of binary.

                sudo /bin/bash /path/to/daemon throws the same error, but sudo /path/to/daemon does not. However, if I drop , /bin/bash from the service file, it throws a 203 error instead.

                • RustmilianEnglish
                  35 months ago

                  Is the daemon a binary? If so drop the bash part and try sudo chmod 755 /path/to/daemon.

    • @[email protected]English
      45 months ago

      Is that necessary for processes running as root? AfaIk, root is default.

      Keywords should be in CamelCase format, thus the space in Wanted By is wrong.

      • @[email protected]English
        35 months ago

        Honestly can’t believe I completely missed the space in Wanted By. This is likely the bigger culprit to the failed to run error. Poster above me is correct should read

        WantedBy

      • @[email protected]OPEnglish
        25 months ago

        Foiled by autocorrect! There’s no space in the original file, and I’ve edited my post to reflect that.

    • @[email protected]OPEnglish
      25 months ago

      I added the relevant user and group, and it’s still throwing a 126. I checked the daemon itself, and it looks like it’s a pre-compiled binary. Manually running /bin/bash /path/to/daemon gives the same error, but sudo /path/to/daemon starts the daemon.