Linux service start error

[Solved] Linux Service Start Error: *.service: Main process exited, code=exited, status=203/EXEC

First, use journalctl -xe to view the detailed error report:

[[email protected] bin]# journalctl -xe
Dec 10 18:47:05 rocketmq1-nameserver-test systemd[1]: Started nameserver.
-- Subject: rocketmq-nameserver.service Unit has ended start
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- rocketmq-nameserver.service Unit has ended start.
--
-- The start result is "done".
Dec 10 18:47:05 rocketmq1-nameserver-test systemd[2414]: rocketmq-nameserver.service: Failed to execute command: Permission denied
Dec 10 18:47:05 rocketmq1-nameserver-test systemd[2414]: rocketmq-nameserver.service: Failed at step EXEC spawning /home/rocketmq/bin/mqnamesrv: Permission denied
-- Subject: progression /home/rocketmq/bin/mqnamesrv could not be executed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- process /home/rocketmq/bin/mqnamesrv could not be executed and has failed.
--
-- The process returns an error code of 13.
Dec 10 18:47:05 rocketmq1-nameserver-test systemd[1]: rocketmq-nameserver.service: Main process exited, code=exited, status=203/EXEC
Dec 10 18:47:05 rocketmq1-nameserver-test systemd[1]: rocketmq-nameserver.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit rocketmq-nameserver.service has entered the 'failed' state with result 'exit-code'.
Dec 10 18:47:05 rocketmq1-nameserver-test dbus-daemon[970]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.4' (uid=0 pid=948 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0") (using servicehelper)
Dec 10 18:47:05 rocketmq1-nameserver-test dbus-daemon[2417]: [system] Failed to reset fd limit before activating service: org.freedesktop.DBus.Error.AccessDenied: Failed to restore old fd limit: Operation not permitted
Dec 10 18:47:07 rocketmq1-nameserver-test dbus-daemon[970]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Dec 10 18:47:07 rocketmq1-nameserver-test setroubleshoot[2417]: AnalyzeThread.run(): Cancel pending alarm
Dec 10 18:47:07 rocketmq1-nameserver-test setroubleshoot[2417]: failed to retrieve rpm info for /home/rocketmq/bin/mqnamesrv
Dec 10 18:47:07 rocketmq1-nameserver-test dbus-daemon[970]: [system] Activating service name='org.fedoraproject.SetroubleshootPrivileged' requested by ':1.94' (uid=995 pid=2417 comm="/usr/libexec/platform-python -Es /usr/sbin/setroub" label="system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023") (using servicehelper)
Dec 10 18:47:07 rocketmq1-nameserver-test dbus-daemon[2431]: [system] Failed to reset fd limit before activating service: org.freedesktop.DBus.Error.AccessDenied: Failed to restore old fd limit: Operation not permitted
Dec 10 18:47:09 rocketmq1-nameserver-test dbus-daemon[970]: [system] Successfully activated service 'org.fedoraproject.SetroubleshootPrivileged'
Dec 10 18:47:10 rocketmq1-nameserver-test setroubleshoot[2417]: SELinux is preventing /usr/lib/systemd/systemd from 'read, open' accesses on the file /home/rocketmq/bin/mqnamesrv. For complete SELinux messages run: sealert -l e1b1100f-c8cb-44d7-b3de-1559f1d87286
Dec 10 18:47:10 rocketmq1-nameserver-test setroubleshoot[2417]: SELinux is preventing /usr/lib/systemd/systemd from 'read, open' accesses on the file /home/rocketmq/bin/mqnamesrv.
***** Plugin restorecon (99.5 confidence) suggests ************************
If you want to fix the label. /home/rocketmq/bin/mqnamesrv default label should be home_bin_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /home/rocketmq/bin/mqnamesrv
***** Plugin catchall (1.49 confidence) suggests **************************
If you believe that systemd should be allowed read open access on the mqnamesrv file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(qnamesrv)' --raw | audit2allow -M my-qnamesrv
# semodule -X 300 -i my-qnamesrv.pp

As the log suggests, we run: sealert -l e1b1100f-c8cb-44d7-b3de-1559f1d87286

[[email protected] bin]# sealert -l e1b1100f-c8cb-44d7-b3de-1559f1d87286
SELinux is preventing /usr/lib/systemd/systemd from 'read, open' accesses on the file /home/rocketmq/bin/mqnamesrv.
***** Plugin restorecon (99.5 confidence level) Recommended ******************************************
If you want to fix the tags. /home/rocketmq/bin/mqnamesrv the default tag should be home_bin_t.
Then you can run restorecon. access attempts may have stopped due to insufficient permissions to access the parent directory, in which case try changing the following command accordingly.
Do
# /sbin/restorecon -v /home/rocketmq/bin/mqnamesrv
***** plug-in catchall (1.49 confidence level) Recommended ********************************************
If you believe (qnamesrv) should allow _BASE_PATH read open access to the mqnamesrv file by default.
Then this should be reported as a bug.
A local policy module can be generated to allow this access.
Do
Temporarily allow this access execute:
# ausearch -c '(qnamesrv)' --raw | audit2allow -M my-qnamesrv
# semodule -X 300 -i my-qnamesrv.pp
Omit the following

The last part of the output above says to run the commands:
# ausearch -c '(qnamesrv)' --raw | audit2allow -M my-qnamesrv
# semodule -X 300 -i my-qnamesrv.pp


However, after running them, the service still reports an error.
After some research, the problem turns out to be SELinux file labeling:
SELinux believes that binaries can only be executed from certain locations, and my user-defined directory was not explicitly marked as allowed. It inherited the type var_t from /srv/* (I think).

To get an extensive list of the current rules for all directories, you can run semanage fcontext --list

I added an exception using the following Ansible tasks:

- name: set SELinux permissions on ts3server binaries
  sefcontext:
    target: "/srv/teamspeak/versions/[^/]+/ts3server"
    setype: bin_t
- name: reload SELinux policy to ensure that ts3server is executable
  command: restorecon -irv /srv/teamspeak/
  when: tarball.changed

You can achieve the same result by running semanage fcontext followed by restorecon -irv /srv/teamspeak/
Therefore, we need to restore the SELinux label on the rocketmq startup directory:

restorecon -irv /home/rocketmq/bin/ 

Restart service succeeded:

[[email protected] bin]# semodule -i my-qnamesrv.pp
[[email protected] bin]# systemctl start rocketmq-nameserver
[[email protected] bin]# systemctl status rocketmq-nameserver
● rocketmq-nameserver.service - nameserver
   Loaded: loaded (/usr/lib/systemd/system/rocketmq-nameserver.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-12-10 18:47:48 CST; 1min 15s ago
 Main PID: 2459 (mqnamesrv)
    Tasks: 36 (limit: 10931)
   Memory: 172.9M
   CGroup: /system.slice/rocketmq-nameserver.service
           ├─2459 /bin/sh /home/rocketmq/bin/mqnamesrv
           ├─2463 sh /home/rocketmq/bin/runserver.sh org.apache.rocketmq.namesrv.NamesrvStartup
           └─2480 /usr/local/jdk1.8.0_151/bin/java -server -Xms256m -Xmx256m -Xmn128m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=320m -XX:+UseConcMarkSweepGC -XX:+UseCMSCompactAtFullCollection -XX:CMSInitiatingOccupancyFraction=70 -XX:+CMSP
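
The triage above can be scripted. The following is an added example, not part of the original article: it reads journal text, finds the 203/EXEC failure, and separates an SELinux denial from an ordinary permission or path problem. The journal sample is constructed from the lines quoted above (hostname shortened to "host"), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a 203/EXEC failure from journal text.
# SAMPLE_JOURNAL is constructed from log lines quoted in the article.
SAMPLE_JOURNAL=$(cat <<'EOF'
Dec 10 18:47:05 host systemd[2414]: rocketmq-nameserver.service: Failed at step EXEC spawning /home/rocketmq/bin/mqnamesrv: Permission denied
Dec 10 18:47:05 host systemd[1]: rocketmq-nameserver.service: Main process exited, code=exited, status=203/EXEC
Dec 10 18:47:10 host setroubleshoot[2417]: SELinux is preventing /usr/lib/systemd/systemd from 'read, open' accesses on the file /home/rocketmq/bin/mqnamesrv.
EOF
)

# Print "<cause> <path>" for the first EXEC failure found in the text.
classify_exec_failure() {
  _path=$(printf '%s\n' "$1" | sed -n 's/.*Failed at step EXEC spawning \(.*\): .*/\1/p' | head -n 1)
  _reason=$(printf '%s\n' "$1" | sed -n 's/.*Failed at step EXEC spawning .*: \(.*\)$/\1/p' | head -n 1)
  if [ -z "$_path" ]; then echo "no-exec-failure"; return 1; fi
  case $_reason in
    "Permission denied")
      # EACCES is ambiguous: file mode bits and SELinux both produce it,
      # so look for a setroubleshoot line naming the same file.
      if printf '%s\n' "$1" | grep -F "SELinux is preventing" | grep -qF "on the file $_path"; then
        echo "selinux-denial $_path"
      else
        echo "file-permissions $_path"
      fi ;;
    "No such file or directory") echo "missing-file-or-interpreter $_path" ;;
    "Exec format error") echo "bad-shebang-or-format $_path" ;;
    *) echo "other $_path" ;;
  esac
}

# Read-only checks to run next for an SELinux denial; nothing is relabeled.
next_checks() {
  echo "ls -Z $1"                                   # label currently on the file
  echo "semanage fcontext --list | grep -F $(dirname "$1")"  # rules for its directory
  echo "restorecon -nv $1"                          # -n: show the change, do not apply
}

result=$(classify_exec_failure "$SAMPLE_JOURNAL")
echo "$result"
case $result in selinux-denial*) next_checks "${result#* }" ;; esac
```

On a live host the input would be the text of journalctl -xe for the failed unit.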


failed to start service

I put it in the /etc/systemd/system folder and named it mine.service. If I run sudo service mine start it gives me :

— UPDATE —— I run first sudo systemctl daemon-reload and now it doesn’t give me any messages but the service still doesn’t start.

1 Answer

$HOME points to the home directory of the user who is running the script. Systemd services are started as root, so it will likely be trying to run /root/theFolder/run.sh. Use absolute paths in service files.

You also have the forking option set. This is needed for programs that background themselves; does your script do this? Most do not, and if yours does not you should remove this option or systemd will be waiting for your script to finish to claim it as started.

Also system service files that point to scripts in your home directory are discouraged and possibly a security concern. Since they are run as root anyone that can modify them can potentially gain root access to your computer. It is far better to copy the script to /usr/local/bin and ensure it is owned and only writable by root to stop this. It is also a good idea to run the script as an unprivileged user using the User= and Group= options in the service file.

If you want to run it as your user it is better to put the service file in ~/.config/systemd/user/ and start/enable it with systemctl --user enable yourservice && systemctl --user start yourservice (note, run as your user not root). See this for more info on user service files.
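
The points in this answer can be checked mechanically. The following is an added example, not part of the original question or answer: it lints unit file text for a non-absolute ExecStart, a target under a home directory, Type=forking and a missing User=, and tests whether a script on disk is writable by group or others. Both unit files are constructed samples (the asker's file is not shown on the page), and the account name mine-svc and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: lint a systemd unit for the issues raised in the answer.
# Both units below are constructed samples, not the asker's actual file.
WEAK_UNIT=$(cat <<'EOF'
[Service]
Type=forking
ExecStart=$HOME/theFolder/run.sh
EOF
)

HARDENED_UNIT=$(cat <<'EOF'
[Service]
ExecStart=/usr/local/bin/run.sh
User=mine-svc
Group=mine-svc
EOF
)

# Print one finding per line; print nothing when the unit passes.
lint_unit() {
  # Strip the optional ExecStart prefixes (-, @, :, +, !) before the path.
  _exec=$(printf '%s\n' "$1" | sed -n 's/^ExecStart=[-@:+!]*//p' | head -n 1)
  _target=${_exec%% *}
  case $_target in
    /home/*|/root/*) echo "exec-in-home-directory" ;;
    /*) ;;
    *) echo "exec-not-absolute" ;;
  esac
  # forking is only right for programs that background themselves.
  printf '%s\n' "$1" | grep -q '^Type=forking' && echo "type-forking-check-daemonizes"
  # Without User= a system service runs as root.
  printf '%s\n' "$1" | grep -q '^User=' || echo "runs-as-root"
  return 0
}

# Succeeds when the file is group- or world-writable (parsed from ls -ld).
writable_by_others() {
  _perm=$(ls -ld "$1" | cut -c1-10) || return 2
  case $_perm in
    ?????w*|????????w*) return 0 ;;
    *) return 1 ;;
  esac
}

echo "weak unit findings:";     lint_unit "$WEAK_UNIT"
echo "hardened unit findings:"; lint_unit "$HARDENED_UNIT"
```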
