systemd service: permission denied












1















I have a new systemd service that fails to start with a "permission denied" error.
I bought a Thinkpad L480. Unfortunately, there seems to be an issue with the kernel not detecting the touchpad. This is addressed here can be solved by



sudo sh -c 'echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol'


As I do not want to do this on every single startup, I made a systemd service, which does not work as expected.



My touchpad_enabler.service is



[Unit]
Description=FooBar

[Service]
Type=oneshot
ExecStart=/usr/local/bin/enable_touchpad.sh

[Install]
WantedBy=default.target


The script file is simply



#!/bin/bash

echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol


But I also tried it with the sh -c version. I adjusted the permissions via



sudo chmod 744 /usr/local/bin/enable_touchpad.sh
sudo chmod 644 /etc/systemd/system/touchpad_enabler.service


so both files are owned by root.
I then enabled it via



systemctl enable enable_touchpad.sh


When I manually start the service via systemctl start touchpad_enabler.service, it works totally fine and the touchpad works as it should. However, on startup , the service fails and is listet as 'failed' in systemctl list-units.



The output of journalctl -b -u touchpad_enabler.service is:



systemd[1]: Starting Solves bug that Thinkpad L480 Touchpad is not correctly detected...
enable_touchpad.sh[516]: sh: /sys/bus/serio/devices/serio1/protocol: permission denied
systemd[1]: touchpad_enabler.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: touchpad_enabler.service: Failed with result 'exit-code'.
systemd[1]: Failed to start FooBar


It looks like the problem is the permission to write to the file itself. But manually starting the service works fine and to my understanding systemd should execute the command as root anyway, right?



From reading man systemctl.service I got the idea to prepend '+' to the filepath so that it read



ExecStart=+/usr/local/bin/enable_touchpad.sh


With no effect.



I do not really understand where this protocol file comes from. It looks like it gets created by the kernel on startup? So I also experimented with the After= parameter, but systemd should start the services after the kernel is fully loaded, right? The file is also owned by root so I would not expect any problems there.



I hope someone can help me. Thanks in advance.










share|improve this question





























    1















    I have a new systemd service that fails to start with a "permission denied" error.
    I bought a Thinkpad L480. Unfortunately, there seems to be an issue with the kernel not detecting the touchpad. This is addressed here can be solved by



    sudo sh -c 'echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol'


    As I do not want to do this on every single startup, I made a systemd service, which does not work as expected.



    My touchpad_enabler.service is



    [Unit]
    Description=FooBar

    [Service]
    Type=oneshot
    ExecStart=/usr/local/bin/enable_touchpad.sh

    [Install]
    WantedBy=default.target


    The script file is simply



    #!/bin/bash

    echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol


    But I also tried it with the sh -c version. I adjusted the permissions via



    sudo chmod 744 /usr/local/bin/enable_touchpad.sh
    sudo chmod 644 /etc/systemd/system/touchpad_enabler.service


    so both files are owned by root.
    I then enabled it via



    systemctl enable enable_touchpad.sh


    When I manually start the service via systemctl start touchpad_enabler.service, it works totally fine and the touchpad works as it should. However, on startup , the service fails and is listet as 'failed' in systemctl list-units.



    The output of journalctl -b -u touchpad_enabler.service is:



    systemd[1]: Starting Solves bug that Thinkpad L480 Touchpad is not correctly detected...
    enable_touchpad.sh[516]: sh: /sys/bus/serio/devices/serio1/protocol: permission denied
    systemd[1]: touchpad_enabler.service: Main process exited, code=exited, status=1/FAILURE
    systemd[1]: touchpad_enabler.service: Failed with result 'exit-code'.
    systemd[1]: Failed to start FooBar


    It looks like the problem is the permission to write to the file itself. But manually starting the service works fine and to my understanding systemd should execute the command as root anyway, right?



    From reading man systemctl.service I got the idea to prepend '+' to the filepath so that it read



    ExecStart=+/usr/local/bin/enable_touchpad.sh


    With no effect.



    I do not really understand where this protocol file comes from. It looks like it gets created by the kernel on startup? So I also experimented with the After= parameter, but systemd should start the services after the kernel is fully loaded, right? The file is also owned by root so I would not expect any problems there.



    I hope someone can help me. Thanks in advance.










    share|improve this question



























      1












      1








      1








      I have a new systemd service that fails to start with a "permission denied" error.
      I bought a Thinkpad L480. Unfortunately, there seems to be an issue with the kernel not detecting the touchpad. This is addressed here can be solved by



      sudo sh -c 'echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol'


      As I do not want to do this on every single startup, I made a systemd service, which does not work as expected.



      My touchpad_enabler.service is



      [Unit]
      Description=FooBar

      [Service]
      Type=oneshot
      ExecStart=/usr/local/bin/enable_touchpad.sh

      [Install]
      WantedBy=default.target


      The script file is simply



      #!/bin/bash

      echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol


      But I also tried it with the sh -c version. I adjusted the permissions via



      sudo chmod 744 /usr/local/bin/enable_touchpad.sh
      sudo chmod 644 /etc/systemd/system/touchpad_enabler.service


      so both files are owned by root.
      I then enabled it via



      systemctl enable enable_touchpad.sh


      When I manually start the service via systemctl start touchpad_enabler.service, it works totally fine and the touchpad works as it should. However, on startup , the service fails and is listet as 'failed' in systemctl list-units.



      The output of journalctl -b -u touchpad_enabler.service is:



      systemd[1]: Starting Solves bug that Thinkpad L480 Touchpad is not correctly detected...
      enable_touchpad.sh[516]: sh: /sys/bus/serio/devices/serio1/protocol: permission denied
      systemd[1]: touchpad_enabler.service: Main process exited, code=exited, status=1/FAILURE
      systemd[1]: touchpad_enabler.service: Failed with result 'exit-code'.
      systemd[1]: Failed to start FooBar


      It looks like the problem is the permission to write to the file itself. But manually starting the service works fine and to my understanding systemd should execute the command as root anyway, right?



      From reading man systemctl.service I got the idea to prepend '+' to the filepath so that it read



      ExecStart=+/usr/local/bin/enable_touchpad.sh


      With no effect.



      I do not really understand where this protocol file comes from. It looks like it gets created by the kernel on startup? So I also experimented with the After= parameter, but systemd should start the services after the kernel is fully loaded, right? The file is also owned by root so I would not expect any problems there.



      I hope someone can help me. Thanks in advance.










      share|improve this question
















      I have a new systemd service that fails to start with a "permission denied" error.
      I bought a Thinkpad L480. Unfortunately, there seems to be an issue with the kernel not detecting the touchpad. This is addressed here can be solved by



      sudo sh -c 'echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol'


      As I do not want to do this on every single startup, I made a systemd service, which does not work as expected.



      My touchpad_enabler.service is



      [Unit]
      Description=FooBar

      [Service]
      Type=oneshot
      ExecStart=/usr/local/bin/enable_touchpad.sh

      [Install]
      WantedBy=default.target


      The script file is simply



      #!/bin/bash

      echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol


      But I also tried it with the sh -c version. I adjusted the permissions via



      sudo chmod 744 /usr/local/bin/enable_touchpad.sh
      sudo chmod 644 /etc/systemd/system/touchpad_enabler.service


      so both files are owned by root.
      I then enabled it via



      systemctl enable enable_touchpad.sh


      When I manually start the service via systemctl start touchpad_enabler.service, it works totally fine and the touchpad works as it should. However, on startup , the service fails and is listet as 'failed' in systemctl list-units.



      The output of journalctl -b -u touchpad_enabler.service is:



      systemd[1]: Starting Solves bug that Thinkpad L480 Touchpad is not correctly detected...
      enable_touchpad.sh[516]: sh: /sys/bus/serio/devices/serio1/protocol: permission denied
      systemd[1]: touchpad_enabler.service: Main process exited, code=exited, status=1/FAILURE
      systemd[1]: touchpad_enabler.service: Failed with result 'exit-code'.
      systemd[1]: Failed to start FooBar


      It looks like the problem is the permission to write to the file itself. But manually starting the service works fine and to my understanding systemd should execute the command as root anyway, right?



      From reading man systemctl.service I got the idea to prepend '+' to the filepath so that it read



      ExecStart=+/usr/local/bin/enable_touchpad.sh


      With no effect.



      I do not really understand where this protocol file comes from. It looks like it gets created by the kernel on startup? So I also experimented with the After= parameter, but systemd should start the services after the kernel is fully loaded, right? The file is also owned by root so I would not expect any problems there.



      I hope someone can help me. Thanks in advance.







      linux permissions services systemd






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Feb 9 at 11:00







      Bloch

















      asked Feb 8 at 17:16









      BlochBloch

      136




      136






















          1 Answer
          1






          active

          oldest

          votes


















          1














          It seems like you have the service and script files a little confused. The contents of the files seem like they should work though.



          Systemd needs a service file. Put this file here



          /etc/systemd/system/touchpad_enabler.service


          With the contents:



          [Unit]
          Description=FooBar

          [Service]
          Type=oneshot
          ExecStart=/usr/local/bin/enable_touchpad.sh

          [Install]
          WantedBy=default.target


          Then your script here (I changed the name to make the separation between service file and script file clearer. Also /usr/local/bin is a better place because it's generally meant for local scripts/programs)



          /usr/local/bin/enable_touchpad.sh


          And it will have the contents (unchanged):



          #!/bin/bash
          echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol


          Make sure the permissions on the script and the service file are correct. They should be owned by root and the script should be executable.



          sudo chmod 744 /usr/local/bin/enable_touchpad.sh
          sudo chmod 644 /etc/systemd/system/touchpad_enabler.service


          Then you enable the systemd service.



          sudo systemctl enable touchpad_enabler.service


          This enables the service so it will run at boot. It can also be run manually with:



          sudo systemctl start touchpad_enabler.service


          or you can directly run the script, bypassing the systemd service:



          sudo /usr/local/bin/enable_touchpad.sh


          I can't really speak to the bug or when the protocol file is created, but the service should work.



          EDIT:

          You can add the After= parameter to the [Unit] section of the service to make sure it runs after a specific target, like default.target or multi-user.target. By default, every service has a dependency on sysinit.target, so I'm not sure how much that would matter in your case.



          If you look here, https://stackoverflow.com/questions/27511139/how-to-make-sysfs-changes-persistent-in-centos-7-systemd, there are other ways to accomplish what you want without a custom service. Maybe you can try a udev rule.






          share|improve this answer


























          • Thank you for your answer. I actually did everything you mentioned. I just had it wrong in my question (the ExecStart= part) the error message showes, that it did actually find the script, tries to execute it, but lacks permissions. I edited my question where this was yet unclear and changed the filenames according to your suggestion to make it clearer. Manually starting the service works fine. But not loading on startup.

            – Bloch
            Feb 9 at 11:01













          • What did you try with the After option? Does adding After=default.target to the [Unit] section help?

            – nitram
            Feb 9 at 16:31











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1403601%2fsystemd-service-permission-denied%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1














          It seems like you have the service and script files a little confused. The contents of the files seem like they should work though.



          Systemd needs a service file. Put this file here



          /etc/systemd/system/touchpad_enabler.service


          With the contents:



          [Unit]
          Description=FooBar

          [Service]
          Type=oneshot
          ExecStart=/usr/local/bin/enable_touchpad.sh

          [Install]
          WantedBy=default.target


          Then your script here (I changed the name to make the separation between service file and script file clearer. Also /usr/local/bin is a better place because it's generally meant for local scripts/programs)



          /usr/local/bin/enable_touchpad.sh


          And it will have the contents (unchanged):



          #!/bin/bash
          echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol


          Make sure the permissions on the script and the service file are correct. They should be owned by root and the script should be executable.



          sudo chmod 744 /usr/local/bin/enable_touchpad.sh
          sudo chmod 644 /etc/systemd/system/touchpad_enabler.service


          Then you enable the systemd service.



          sudo systemctl enable touchpad_enabler.service


          This enables the service so it will run at boot. It can also be run manually with:



          sudo systemctl start touchpad_enabler.service


          or you can directly run the script, bypassing the systemd service:



          sudo /usr/local/bin/enable_touchpad.sh


          I can't really speak to the bug or when the protocol file is created, but the service should work.



          EDIT:

          You can add the After= parameter to the [Unit] section of the service to make sure it runs after a specific target, like default.target or multi-user.target. By default, every service has a dependency on sysinit.target, so I'm not sure how much that would matter in your case.



          If you look here, https://stackoverflow.com/questions/27511139/how-to-make-sysfs-changes-persistent-in-centos-7-systemd, there are other ways to accomplish what you want without a custom service. Maybe you can try a udev rule.






          share|improve this answer


























          • Thank you for your answer. I actually did everything you mentioned. I just had it wrong in my question (the ExecStart= part) the error message showes, that it did actually find the script, tries to execute it, but lacks permissions. I edited my question where this was yet unclear and changed the filenames according to your suggestion to make it clearer. Manually starting the service works fine. But not loading on startup.

            – Bloch
            Feb 9 at 11:01













          • What did you try with the After option? Does adding After=default.target to the [Unit] section help?

            – nitram
            Feb 9 at 16:31
















          1














          It seems like you have the service and script files a little confused. The contents of the files seem like they should work though.



          Systemd needs a service file. Put this file here



          /etc/systemd/system/touchpad_enabler.service


          With the contents:



          [Unit]
          Description=FooBar

          [Service]
          Type=oneshot
          ExecStart=/usr/local/bin/enable_touchpad.sh

          [Install]
          WantedBy=default.target


          Then your script here (I changed the name to make the separation between service file and script file clearer. Also /usr/local/bin is a better place because it's generally meant for local scripts/programs)



          /usr/local/bin/enable_touchpad.sh


          And it will have the contents (unchanged):



          #!/bin/bash
          echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol


          Make sure the permissions on the script and the service file are correct. They should be owned by root and the script should be executable.



          sudo chmod 744 /usr/local/bin/enable_touchpad.sh
          sudo chmod 644 /etc/systemd/system/touchpad_enabler.service


          Then you enable the systemd service.



          sudo systemctl enable touchpad_enabler.service


          This enables the service so it will run at boot. It can also be run manually with:



          sudo systemctl start touchpad_enabler.service


          or you can directly run the script, bypassing the systemd service:



          sudo /usr/local/bin/enable_touchpad.sh


          I can't really speak to the bug or when the protocol file is created, but the service should work.



          EDIT:

          You can add the After= parameter to the [Unit] section of the service to make sure it runs after a specific target, like default.target or multi-user.target. By default, every service has a dependency on sysinit.target, so I'm not sure how much that would matter in your case.



          If you look here, https://stackoverflow.com/questions/27511139/how-to-make-sysfs-changes-persistent-in-centos-7-systemd, there are other ways to accomplish what you want without a custom service. Maybe you can try a udev rule.






          share|improve this answer


























          • Thank you for your answer. I actually did everything you mentioned. I just had it wrong in my question (the ExecStart= part) the error message showes, that it did actually find the script, tries to execute it, but lacks permissions. I edited my question where this was yet unclear and changed the filenames according to your suggestion to make it clearer. Manually starting the service works fine. But not loading on startup.

            – Bloch
            Feb 9 at 11:01













          • What did you try with the After option? Does adding After=default.target to the [Unit] section help?

            – nitram
            Feb 9 at 16:31














          1












          1








          1







          It seems like you have the service and script files a little confused. The contents of the files seem like they should work though.



          Systemd needs a service file. Put this file here



          /etc/systemd/system/touchpad_enabler.service


          With the contents:



          [Unit]
          Description=FooBar

          [Service]
          Type=oneshot
          ExecStart=/usr/local/bin/enable_touchpad.sh

          [Install]
          WantedBy=default.target


          Then your script here (I changed the name to make the separation between service file and script file clearer. Also /usr/local/bin is a better place because it's generally meant for local scripts/programs)



          /usr/local/bin/enable_touchpad.sh


          And it will have the contents (unchanged):



          #!/bin/bash
          echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol


          Make sure the permissions on the script and the service file are correct. They should be owned by root and the script should be executable.



          sudo chmod 744 /usr/local/bin/enable_touchpad.sh
          sudo chmod 644 /etc/systemd/system/touchpad_enabler.service


          Then you enable the systemd service.



          sudo systemctl enable touchpad_enabler.service


          This enables the service so it will run at boot. It can also be run manually with:



          sudo systemctl start touchpad_enabler.service


          or you can directly run the script, bypassing the systemd service:



          sudo /usr/local/bin/enable_touchpad.sh


          I can't really speak to the bug or when the protocol file is created, but the service should work.



          EDIT:

          You can add the After= parameter to the [Unit] section of the service to make sure it runs after a specific target, like default.target or multi-user.target. By default, every service has a dependency on sysinit.target, so I'm not sure how much that would matter in your case.



          If you look here, https://stackoverflow.com/questions/27511139/how-to-make-sysfs-changes-persistent-in-centos-7-systemd, there are other ways to accomplish what you want without a custom service. Maybe you can try a udev rule.






          share|improve this answer















          It seems like you have the service and script files a little confused. The contents of the files seem like they should work though.



          Systemd needs a service file. Put this file here



          /etc/systemd/system/touchpad_enabler.service


          With the contents:



          [Unit]
          Description=FooBar

          [Service]
          Type=oneshot
          ExecStart=/usr/local/bin/enable_touchpad.sh

          [Install]
          WantedBy=default.target


          Then your script here (I changed the name to make the separation between service file and script file clearer. Also /usr/local/bin is a better place because it's generally meant for local scripts/programs)



          /usr/local/bin/enable_touchpad.sh


          And it will have the contents (unchanged):



          #!/bin/bash
          echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol


          Make sure the permissions on the script and the service file are correct. They should be owned by root and the script should be executable.



          sudo chmod 744 /usr/local/bin/enable_touchpad.sh
          sudo chmod 644 /etc/systemd/system/touchpad_enabler.service


          Then you enable the systemd service.



          sudo systemctl enable touchpad_enabler.service


          This enables the service so it will run at boot. It can also be run manually with:



          sudo systemctl start touchpad_enabler.service


          or you can directly run the script, bypassing the systemd service:



          sudo /usr/local/bin/enable_touchpad.sh


          I can't really speak to the bug or when the protocol file is created, but the service should work.



          EDIT:

          You can add the After= parameter to the [Unit] section of the service to make sure it runs after a specific target, like default.target or multi-user.target. By default, every service has a dependency on sysinit.target, so I'm not sure how much that would matter in your case.



          If you look here, https://stackoverflow.com/questions/27511139/how-to-make-sysfs-changes-persistent-in-centos-7-systemd, there are other ways to accomplish what you want without a custom service. Maybe you can try a udev rule.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Feb 9 at 18:38

























          answered Feb 8 at 22:47









          nitramnitram

          112




          112













          • Thank you for your answer. I actually did everything you mentioned. I just had it wrong in my question (the ExecStart= part) the error message showes, that it did actually find the script, tries to execute it, but lacks permissions. I edited my question where this was yet unclear and changed the filenames according to your suggestion to make it clearer. Manually starting the service works fine. But not loading on startup.

            – Bloch
            Feb 9 at 11:01













          • What did you try with the After option? Does adding After=default.target to the [Unit] section help?

            – nitram
            Feb 9 at 16:31



















          • Thank you for your answer. I actually did everything you mentioned. I just had it wrong in my question (the ExecStart= part) the error message showes, that it did actually find the script, tries to execute it, but lacks permissions. I edited my question where this was yet unclear and changed the filenames according to your suggestion to make it clearer. Manually starting the service works fine. But not loading on startup.

            – Bloch
            Feb 9 at 11:01













          • What did you try with the After option? Does adding After=default.target to the [Unit] section help?

            – nitram
            Feb 9 at 16:31

















          Thank you for your answer. I actually did everything you mentioned. I just had it wrong in my question (the ExecStart= part) the error message showes, that it did actually find the script, tries to execute it, but lacks permissions. I edited my question where this was yet unclear and changed the filenames according to your suggestion to make it clearer. Manually starting the service works fine. But not loading on startup.

          – Bloch
          Feb 9 at 11:01







          Thank you for your answer. I actually did everything you mentioned. I just had it wrong in my question (the ExecStart= part) the error message showes, that it did actually find the script, tries to execute it, but lacks permissions. I edited my question where this was yet unclear and changed the filenames according to your suggestion to make it clearer. Manually starting the service works fine. But not loading on startup.

          – Bloch
          Feb 9 at 11:01















          What did you try with the After option? Does adding After=default.target to the [Unit] section help?

          – nitram
          Feb 9 at 16:31





          What did you try with the After option? Does adding After=default.target to the [Unit] section help?

          – nitram
          Feb 9 at 16:31


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1403601%2fsystemd-service-permission-denied%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

          Mangá

          Eduardo VII do Reino Unido