Hello,
I have been trying to create a system service that would run a script on shutdown (hence why I went for a system service over a user service) and landed on something like this
[Unit]
Description=Run backup script on shutdown
DefaultDependencies=no
Before=poweroff.target halt.target
Requires=network.target
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/bin/true
ExecStop=/var/home/blackeco/scripts/backup.sh
User=blackeco
Group=blackeco
[Install]
WantedBy=poweroff.target halt.target
Unfortunately, when the shutdown occurs, systemd fails to execute the script:
backup-on-shutdown.service: Unable to locate executable '/var/home/blackeco/scripts/backup.sh': Permission denied
backup-on-shutdown.service: Failed at step EXEC spawning /var/home/blackeco/scripts/backup.sh: Permission denied
This script is correctly owned by user blackeco and permissions look fine
$ ls -la /var/home/blackeco/scripts
drwxr-xr-x. 1 blackeco blackeco 154 5 Feb. 13:50 ./
drwxr-xr-x. 1 blackeco blackeco 116 3 Feb. 13:07 ../
-rwxr-xr-x. 1 blackeco blackeco 794 4 Feb. 15:44 backup.sh*
I’m very puzzled as to why. I’m running Bluefin 41 (itself based on Fedora Silverblue 41).
From what I gathered from the comments, system services cannot access the home directory by design: user services should be used instead.
But since it is nearly impossible de execute a user service on shutdown, I changed my approach and went for a user service and a timer that initiates a backup every 15 minutes. Since the backups are incremental, it shouldn’t take too much time nor space.
Can you put the script somewhere else in var?
/usr/localor/optare usually for distro-external stuff.is your home folder actually under /var/home/… not under /home/… ?
does the scripr run correctly when you paste the full path in the comandline?
Fedora Atomic, and by extension Universal Blue, does put the home in /var. It’s to denote that the directory is mutable.
is your home folder actually under /var/home/… not under /home/… ?
Yep, it’s how Silverblue is set up
$ ls -l /home lrwxrwxrwx. 4 root root 8 28 janv. 13:51 /home -> var/home/does the scripr run correctly when you paste the full path in the comandline?
Yes
What are the permissions all the way to the script ? Can
blackecoreach the script ?drwxr-xr-x. 1 root root 26 28 Jan. 13:03 /var drwxr-xr-x. 1 root root 228 3 Feb. 09:55 /var/home drwx------. 1 blackeco blackeco 1544 5 Feb. 17:52 /var/home/blackeco drwxr-xr-x. 1 blackeco blackeco 116 3 Feb. 13:07 /var/home/blackeco/scripts -rwxr-xr-x. 1 blackeco blackeco 794 4 Feb. 15:44 /var/home/blackeco/scripts/backup.sh*And yes,
blackecocan reach it
I’m not familiar with Silverblue but home being in /var is sus. Usually it’s in /home. But maybe it’s mounted in a weird Silverblue way and gets unmounted before it runs.
But running scripts on shutdown is hard to impossible. I always wanted to run automatic updates on shutdown but they don’t have networking even if the unit file requires networking. I haven’t seen anyone properly manage to do that yet, so good luck. And please make a post if it does end up working. Then I will revisit my own efforts again.
It’s not sus at all. The reason
/homeis in/varis because/varand/etcare the only writeable directories on the system. There is a/home, but it’s actually just a symlink to/var/home.This is how all of the Fedora atomic systems are set up, and it’s been the case for a lot of the other immutable distros I’ve tried. It’s just a different way of doing things.
If that’s the reason maybe OP can add the shutdown as the last step on the script and execute the script instead of the shut down button as a work around.
No, I really don’t want to hijack the UI for this, as it could break with a DE update. And that wouldn’t work when shutting down from the console.
I haven’t seen anyone properly manage to do that yet, so good luck.
Yes, that’s the whole problem, Internet is littered with posts on running a script on shutdown but none of my attempts so far has been successful.
Is this a systemd user service?
As I said, this is a system service
This seems to be a systemd feature, system services can’t touch home directories by default.
https://unix.stackexchange.com/a/684074
I think a user script would still work. Or you could set the flag that would let system services access your home.
I would try
ProtectHome=read-onlybut then restic wouldn’t be able to write its local cache to~/.restic.I went for a user service first to make my life easier, but unfortunately you can’t use targets
poweroff.targetandhalt.targetUnit /etc/systemd/user/backup-on-shutdown.service is added as a dependency to a non-existent unit poweroff.target Unit /etc/systemd/user/backup-on-shutdown.service is added as a dependency to a non-existent unit halt.target.I may be in a bind then…
