알쓸전컴(알아두면 쓸모있는 전자 컴퓨터)

apache2 서비스 실행 후 Bash 실행 본문

Web

apache2 서비스 실행 후 Bash 실행

백곳 2022. 8. 29. 09:15

apache2 서비스 실행 후 내가 만들 Bash 실행 

apache2 서비스 실행후에 특정 Bash 실행 파일을 실행 시킬 작업이 있어서 찾아 보게 되었습니다. 

방법은 /lib/systemd/system/apache2.service 파일을 수정 하는것 입니다.

저의 경우 일단 Bash 실행 파일을 /home/user/apache2StartAfter.sh 여기에 작성해 두었습니다. 

 

1. sudo nano /lib/systemd/system/apache2.service 

2. ExecStartPost 설정 추가 

[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
Environment=APACHE_STARTED_BY_SYSTEMD=true
ExecStart=/usr/sbin/apachectl start
ExecStop=/usr/sbin/apachectl stop
ExecReload=/usr/sbin/apachectl graceful
PrivateTmp=true
Restart=on-abort
ExecStartPost=/bin/bash /home/user/apache2StartAfter.sh

[Install]
WantedBy=multi-user.target

 

여기서 재미 있는 옵션은 

https://www.freedesktop.org/software/systemd/man/systemd.service.html

사이트에 보면 

PrefixEffect

"@" If the executable path is prefixed with "@", the second specified token will be passed as "argv[0]" to the executed process (instead of the actual filename), followed by the further arguments specified.
"-" If the executable path is prefixed with "-", an exit code of the command normally considered a failure (i.e. non-zero exit status or abnormal exit due to signal) is recorded, but has no further effect and is considered equivalent to success.
":" If the executable path is prefixed with ":", environment variable substitution (as described by the "Command Lines" section below) is not applied.
"+" If the executable path is prefixed with "+" then the process is executed with full privileges. In this mode privilege restrictions configured with User=, Group=, CapabilityBoundingSet= or the various file system namespacing options (such as PrivateDevices=, PrivateTmp=) are not applied to the invoked command line (but still affect any other ExecStart=, ExecStop=, … lines).
"!" Similar to the "+" character discussed above this permits invoking command lines with elevated privileges. However, unlike "+" the "!" character exclusively alters the effect of User=, Group= and SupplementaryGroups=, i.e. only the stanzas that affect user and group credentials. Note that this setting may be combined with DynamicUser=, in which case a dynamic user/group pair is allocated before the command is invoked, but credential changing is left to the executed process itself.
"!!" This prefix is very similar to "!", however it only has an effect on systems lacking support for ambient process capabilities, i.e. without support for AmbientCapabilities=. It's intended to be used for unit files that take benefit of ambient capabilities to run processes with minimal privileges wherever possible while remaining compatible with systems that lack ambient capabilities support. Note that when "!!" is used, and a system lacking ambient capability support is detected any configured SystemCallFilter= and CapabilityBoundingSet= stanzas are implicitly modified, in order to permit spawned processes to drop credentials and capabilities themselves, even if this is configured to not be allowed. Moreover, if this prefix is used and a system lacking ambient capability support is detected AmbientCapabilities= will be skipped and not be applied. On systems supporting ambient capabilities, "!!" has no effect and is redundant.

- 옵션, + 옵션 입니다. 

"-" 은 Bash가 실패 하더라고 무시하고 서비스가 실행 되는 옵션 입니다.

"+" Root 권한으로 실행 할수 있는 옵션 입니다.

사용 법은 

ExecStartPost=-/bin/bash /home/user/apache2StartAfter.sh

ExecStartPost=+/bin/bash /home/user/apache2StartAfter.sh

 

입니다.

Comments