https://access.redhat.com/solutions/1341723
How to prevent console and ssh logins until a service has started in RHEL7
SOLUTION 已验证 - 已更新 2015年二月28日00:36 -
环境
- Red Hat Enterprise Linux 7
问题
- We have a custom service that starts a configuration script. We don't want the RHEL7 system to allow any logins (including ssh or local black & white ttys) until the script has finished. How?
- How to disallow login in RHEL 7 until a SysV init script has finished?
决议
-
Create a unit file for the service which must be started before logins are allowed
The file should be located in either/usr/lib/systemd/system/
or/etc/systemd/system/
1
A service unit named MYSERVICE would have file namedMYSERVICE.service
-
Ensure the service definition2 meets AT LEAST the following conditions
[Unit] Before=sshd.service systemd-logind.service [email protected] [Service] Type=oneshot ExecStart=/path/to/script "script args" "more script args" TimeoutStartSec=0 [Install] RequiredBy=sshd.service systemd-logind.service [email protected]
-
After modifying (or creating) the service unit file, run the following commands, even if MYSERVICE was already enabled
systemctl daemon-reload systemctl enable MYSERVICE.service
-
Reboot and note that sshd and console login screens (not including serial) will fail to start until MYSERVICE has started
-
See UNIT LOAD PATH section of systemd.unit(5) man page ↩
-
For more detail, see: How to make custom script that runs automatically during boot up in RHEL7? ↩