AWS Linux 2 – Installing a user-developed service on EC2

This records how to set things up to run a service as a daemon.

#1. Listing services

sudo systemctl list-units

#2. Creating a service

sudo vim /etc/systemd/system/api_server.service

Edit the contents.

[Unit]
Description=Stock API FastAPI Project
After=network.target

[Service]
User=ec2-user
Group=User
WorkingDirectory=/home/ec2-user/api_server/
Environment="PATH=/home/ec2-user/api_server/venv/bin:$PATH;PYTHONPATH=/home/ec2-user/api_server/venv/:$PYTHONPATH"
ExecStart=echo $PATH, $PYTHONPATH;


[Install]
WantedBy=multi-user.target

I didn't even know what User and Group were, so I put in what I knew.

× api_server.service - Stock API FastAPI Project
     Loaded: loaded (/etc/systemd/system/api_server.service; disabled; preset: disabled)
     Active: failed (Result: exit-code) since Tue 2024-02-20 00:56:02 UTC; 100ms ago
   Duration: 1ms
    Process: 76736 ExecStart=echo $PATH, $PYTHONPATH; (code=exited, status=216/GROUP)
   Main PID: 76736 (code=exited, status=216/GROUP)
        CPU: 0

Feb 20 00:56:02 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: Started api_server.service - Stock API FastAPI Project.
Feb 20 00:56:02 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Main process exited, code=exited, status=216/GR>
Feb 20 00:56:02 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Failed with result 'exit-code'.
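
The status=216/GROUP above is systemd's own exit code, set before the program in ExecStart= ever runs, and the same holds for the 200/CHDIR that appears later in this post. As an added example that is not part of the original post, a small shell script that extracts the code from such a log line, explains it per systemd.exec(5), and checks the same conditions before a unit is started; the user, group and directory passed to preflight are whatever you are about to put in the unit.

```shell
#!/bin/sh
# Added example, not from the original post: read the status=NNN/NAME
# token systemd prints when it fails before exec, and check the same
# conditions up front. The log lines are copied from the post.
set -eu

# Extract "216/GROUP", "200/CHDIR", ... from a journal or status line.
status_of() {
  printf '%s\n' "$1" | sed -n 's/.*status=\([0-9]*\/[A-Z_]*\).*/\1/p'
}

# Meaning per systemd.exec(5), "Process Exit Codes". These are systemd's
# own codes: the program in ExecStart= never ran, so its output cannot help.
explain_status() {
  case "$1" in
    217/USER)  echo "User= names an account that does not exist" ;;
    216/GROUP) echo "Group= names a group that does not exist" ;;
    200/CHDIR) echo "service user cannot chdir into WorkingDirectory=" ;;
    203/EXEC)  echo "ExecStart= program not found or not executable" ;;
    *)         echo "not a pre-exec failure: $1" ;;
  esac
}

# Predict the failure before `systemctl start`: account, group, then
# traverse permission (the last check runs as the service user via sudo).
preflight() {  # args: user group workdir
  getent passwd "$1" >/dev/null 2>&1 || { echo 217/USER; return 0; }
  getent group  "$2" >/dev/null 2>&1 || { echo 216/GROUP; return 0; }
  sudo -u "$1" test -x "$3"          || { echo 200/CHDIR; return 0; }
  echo ok
}

# Run over the two failing lines from the post.
diagnose() {
  for line in \
    'systemd[1]: api_server.service: Main process exited, code=exited, status=216/GROUP' \
    'systemd[1]: stock_api.service: Main process exited, code=exited, status=200/CHDIR'
  do
    s=$(status_of "$line"); echo "$s: $(explain_status "$s")"
  done
}
diagnose
```

Running preflight ec2-user User /home/ec2-user/api_server against the first unit file above would have printed 216/GROUP without touching systemd at all.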

Even to me, Group=User made no sense in context.
Change it again.

[Unit]
Description=Stock API FastAPI Project
After=network.target

[Service]
User=nobody
Group=nobody
WorkingDirectory=/home/ec2-user/api_server/
Environment="PATH=/home/ec2-user/api_server/venv/bin:$PATH;PYTHONPATH=/home/ec2-user/api_server/venv/:$PYTHONPATH"
ExecStart=echo $PATH, $PYTHONPATH;


[Install]
WantedBy=multi-user.target
 api_server.service - Stock API FastAPI Project
     Loaded: loaded (/etc/systemd/system/api_server.service; disabled; preset: disabled)
     Active: inactive (dead)

Feb 20 00:57:16 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Main process exited, code=exited, status=200/CHDIR
Feb 20 00:57:16 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Failed with result 'exit-code'.
Feb 20 01:01:06 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: [🡕] /etc/systemd/system/api_server.service:6: Special user nobody configured, this is not safe!
Feb 20 01:01:06 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: Started api_server.service - Stock API FastAPI Project.
Feb 20 01:01:06 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Main process exited, code=exited, status=200/CHDIR
Feb 20 01:01:06 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Failed with result 'exit-code'.
Feb 20 01:01:25 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: Started api_server.service - Stock API FastAPI Project.
Feb 20 01:01:25 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Deactivated successfully.
Feb 20 01:01:39 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: Started api_server.service - Stock API FastAPI Project.
Feb 20 01:01:39 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Deactivated successfully.

It says this is not safe.
Change it again.

[Unit]
Description=Stock API FastAPI Project
After=network.target

[Service]
User=nobody
Group=nobody
WorkingDirectory=/home/ec2-user/api_server/
Environment="PATH=/home/ec2-user/api_server/venv/bin:$PATH;PYTHONPATH=/home/ec2-user/api_server/venv/:$PYTHONPATH"
ExecStart=echo $PATH, $PYTHONPATH;


[Install]
WantedBy=multi-user.target
 api_server.service - Stock API FastAPI Project
     Loaded: loaded (/etc/systemd/system/api_server.service; disabled; preset: disabled)
     Active: inactive (dead)

Feb 20 01:02:02 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Deactivated successfully.
Feb 20 01:02:56 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: Started api_server.service - Stock API FastAPI Project.
Feb 20 01:02:56 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Main process exited, code=exited, status=216/GROUP
Feb 20 01:02:56 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Failed with result 'exit-code'.
Feb 20 01:03:09 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: Started api_server.service - Stock API FastAPI Project.
Feb 20 01:03:09 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Deactivated successfully.
Feb 20 01:05:53 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: Started api_server.service - Stock API FastAPI Project.
Feb 20 01:05:53 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Deactivated successfully.
Feb 20 01:06:08 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: Started api_server.service - Stock API FastAPI Project.
Feb 20 01:06:08 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: api_server.service: Deactivated successfully.

Apparently nobody is not allowed as ec2-user's group.

I need to find ec2-user's group in Linux.

cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/usr/sbin/nologin
systemd-oom:x:999:999:systemd Userspace OOM Killer:/:/usr/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/usr/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/usr/share/empty.sshd:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
libstoragemgmt:x:997:997:daemon account for libstoragemgmt:/:/usr/sbin/nologin
systemd-coredump:x:996:996:systemd Core Dumper:/:/usr/sbin/nologin
systemd-timesync:x:995:995:systemd Time Synchronization:/:/usr/sbin/nologin
chrony:x:994:994:chrony system user:/var/lib/chrony:/sbin/nologin
ec2-instance-connect:x:993:993::/home/ec2-instance-connect:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
ec2-user:x:1000:1000:EC2 Default User:/home/ec2-user:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
username : password : user ID : ID of the group the user belongs to : full name : home directory : default shell

Looking at the user list,

cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:ec2-user
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:ec2-user
cdrom:x:11:
mail:x:12:
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
users:x:100:
nobody:x:65534:
utmp:x:22:
utempter:x:35:
dbus:x:81:
input:x:104:
kvm:x:36:
render:x:105:
sgx:x:106:
systemd-journal:x:190:ec2-user
systemd-network:x:192:
systemd-oom:x:999:
systemd-resolve:x:193:
ssh_keys:x:998:
sshd:x:74:
rpc:x:32:
libstoragemgmt:x:997:
systemd-coredump:x:996:
systemd-timesync:x:995:
chrony:x:994:
ec2-instance-connect:x:993:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
rpcuser:x:29:
screen:x:84:
tcpdump:x:72:
ec2-user:x:1000:
mysql:x:27:

looking at the group list,

groups ec2-user
ec2-user : ec2-user adm wheel systemd-journal

Even looking at the user's groups, I can't figure it out.

I fought hard because I didn't want to create a new one, but I'll just create one.

sudo groupadd nginx
sudo useradd -g nginx nginx
[Unit]
Description=Stock API FastAPI Project
After=network.target

[Service]
User=nginx
Group=nginx
WorkingDirectory=/home/ec2-user/api_server/
Environment="PATH=/home/ec2-user/api_server/venv/bin:$PATH;PYTHONPATH=/home/ec2-user/api_server/venv/:$PYTHONPATH"
ExecStart=echo $PATH, $PYTHONPATH;


[Install]
WantedBy=multi-user.target
× stock_api.service - Stock API FastAPI Project
     Loaded: loaded (/etc/systemd/system/stock_api.service; disabled; preset: disabled)
     Active: failed (Result: exit-code) since Tue 2024-02-20 01:18:00 UTC; 68ms ago
   Duration: 4ms
    Process: 77822 ExecStart=echo $PATH, $PYTHONPATH; (code=exited, status=200/CHDIR)
   Main PID: 77822 (code=exited, status=200/CHDIR)
        CPU: 1ms

Feb 20 01:18:00 ip-10-0-140-229.ap-northeast-2.compute.internal (echo)[77822]: stock_api.service: Failed at step CHDIR spawning echo: Permission denied
Feb 20 01:18:00 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: Started stock_api.service - Stock API FastAPI Project.
Feb 20 01:18:00 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: stock_api.service: Main process exited, code=exited, status=200/CHDIR
Feb 20 01:18:00 ip-10-0-140-229.ap-northeast-2.compute.internal systemd[1]: stock_api.service: Failed with result 'exit-code'.

I've done enough with users and groups now.
Focus on CHDIR.

On CentOS, the wheel group is said to have sudo privileges.
Ignoring security, I boldly throw it in.

sudo usermod -aG wheel nginx
groups nginx
nginx : nginx wheel
# User=nobody
# Group=adm

I tried putting in this and that, but it just worked once I commented them out.
It's the same as it simply working as root. Let's stop here….
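
The post stops with User= and Group= commented out, so the service runs as root, and the nginx account has also been placed in wheel. As an added example that is not part of the original post, the shell steps that get past 200/CHDIR while keeping a dedicated unprivileged account; the account name api_server, the uvicorn command serving main:app from the venv, the sandboxing directives, and the setfacl tool (acl package) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: getting past 200/CHDIR
# without wheel or root. Assumed: service account "api_server", the app
# dir from the post, uvicorn serving main:app from the venv, setfacl (acl pkg).
set -eu
APP_DIR="${APP_DIR:-/home/ec2-user/api_server}"
SVC_USER="${SVC_USER:-api_server}"

# 1. Login-less system account: not nobody (systemd warned), not wheel.
create_service_account() {
  getent group "$SVC_USER" >/dev/null || sudo groupadd --system "$SVC_USER"
  getent passwd "$SVC_USER" >/dev/null ||
    sudo useradd --system -g "$SVC_USER" -s /sbin/nologin -d "$APP_DIR" "$SVC_USER"
}

# 2. CHDIR needs search (x) on every component of WorkingDirectory. An ACL
#    grants traverse of the 700 home dir to this one account; the app tree
#    itself becomes the service account's. (Alternative: move it to /opt.)
grant_traverse() {
  sudo setfacl -m "u:$SVC_USER:--x" /home/ec2-user
  sudo chown -R "$SVC_USER:$SVC_USER" "$APP_DIR"
}

# 3. Absolute ExecStart, explicit PATH (Environment= does not expand $PATH),
#    and sandboxing that costs nothing for an app that only reads its tree.
render_unit() {
  cat <<EOF
[Unit]
Description=Stock API FastAPI Project
After=network.target

[Service]
User=$SVC_USER
Group=$SVC_USER
WorkingDirectory=$APP_DIR
Environment=PATH=$APP_DIR/venv/bin:/usr/local/bin:/usr/bin:/bin
ExecStart=$APP_DIR/venv/bin/uvicorn main:app --host 127.0.0.1 --port 8000
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=read-only
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
EOF
}
install_unit() {  # write, reload, enable and start in one step
  render_unit | sudo tee /etc/systemd/system/api_server.service >/dev/null
  sudo systemctl daemon-reload && sudo systemctl enable --now api_server.service
}
```

Run create_service_account, grant_traverse and install_unit in that order, then check with systemctl status api_server.service. If the app has to write anywhere under its tree, add a ReadWritePaths= line for that path, since ProtectSystem=strict and ProtectHome=read-only make everything else read-only.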

Full write-up: /aws-ec2-mariadb-환경-설정