Discussion:
quoted path on systemd service override
(too old to reply)
Jonathan N. Little
2020-08-29 16:00:37 UTC
Permalink
Question on a strange observed behavior. I am developing a kiosk system
for the library's Public Access Catalog. This time instead of futzing
with kiosk modes of browsers, Chrome and Firefox where securing them is
a moving target, I build a minimal system with python PyQt5 QTWebEngine.
A lot easier to on ADD what you need instead of using a full browser and
trying to remove what you don't. To have it auto launch in the kiosk
user I had to override systemd's ***@tty1.service to setup the autologin.

sudo systemctl edit ***@tty1.service

creates the override.conf file and path, but strangely inserts single
quotes around the generated ***@tty1.service.d subdirectory:

/etc/systemd/system/'***@tty1.service.d'/override.conf

and not

/etc/systemd/system/***@tty1.service.d/override.conf

Why?

And you cannot manually modify either, it always reverts back to the
path with quotes. Odd.
--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
Mike Easter
2020-08-29 16:25:14 UTC
Permalink
Post by Jonathan N. Little
I am developing a kiosk system
for the library's Public Access Catalog. This time instead of futzing
with kiosk modes of browsers, Chrome and Firefox where securing them is
a moving target, I build a minimal system with python PyQt5 QTWebEngine.
A lot easier to on ADD what you need instead of using a full browser and
trying to remove what you don't.
Off-topic re your qx; Did such as Porteus kiosk distro not do a job
satisfactory for your use of their kiosk distro? Apparently Porteus
uses Ffx & Chrome in a manner which it considers 'locked down'.

If you have fooled w/ the porteus distro, what do you think of their
kiosk wizard tool?
--
Mike Easter
Jonathan N. Little
2020-08-29 18:48:51 UTC
Permalink
Post by Mike Easter
  I am developing a kiosk system
for the library's Public Access Catalog. This time instead of futzing
with kiosk modes of browsers, Chrome and Firefox where securing them is
a moving target, I build a minimal system with python PyQt5 QTWebEngine.
A lot easier to on ADD what you need instead of using a full browser and
trying to remove what you don't.
Off-topic re your qx; Did such as Porteus kiosk distro not do a job
satisfactory for your use of their kiosk distro?  Apparently Porteus
uses Ffx & Chrome in a manner which it considers 'locked down'.
No I didn't. However I previously used Chrome in kiosk mode with nodm
and changes to Chrome over time made it a bit of a slog keeping it
locked down. Also it is a lot easier not to have features in the first
place then have to remove or disable them afterward, (kinda like the
difference between Windows and Linux security). Also I run Ubuntu on
systems at library so easier to maintain one distro. What I worked out
was pretty slick.

barebones Ubuntu install just OS.

added ssh server for remote maintenance

added openbox for wm striped down menu so no desktop or other features

simple python QTWebEngine browser with no chrome, menus, address bar,
etc, and runs maximized. Added feature that monitored browser url to
keep browser restricted to OPAC domain. And external links in catalog
would return user to catalog home. Prevents patrons from using OPAC
instead of signing up for public systems.

simple script loop launches python script so if browser shuts down just
restarts

systemd autologin server to startup with unpriviaged user pac, session
starts startx, openbox autostart starts script that start the kiosk browser.

Simple. The hardest part was the original concept that I referenced was
a decade old, so re-imaging init to systemd, no more gtk webkit now
pyqt5 and even qtwebkit is replace with qtwebengine. A lot has changed
in a decade. But happy with results.
Post by Mike Easter
If you have fooled w/ the porteus distro, what do you think of their
kiosk wizard tool?
--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
Aragorn
2020-08-29 17:24:04 UTC
Permalink
Post by Jonathan N. Little
Question on a strange observed behavior. I am developing a kiosk
system for the library's Public Access Catalog. This time instead of
futzing with kiosk modes of browsers, Chrome and Firefox where
securing them is a moving target, I build a minimal system with
python PyQt5 QTWebEngine. A lot easier to on ADD what you need
instead of using a full browser and trying to remove what you don't.
To have it auto launch in the kiosk user I had to override systemd's
creates the override.conf file and path, but strangely inserts single
and not
Why?
And you cannot manually modify either, it always reverts back to the
path with quotes. Odd.
I suspect it's because of the "@" character in the path. Usually this
is used for specifying a login at a remote machine.
--
With respect,
= Aragorn =
Mike Easter
2020-08-29 17:30:43 UTC
Permalink
Post by Aragorn
Post by Jonathan N. Little
creates the override.conf file and path, but strangely inserts single
and not
Why?
And you cannot manually modify either, it always reverts back to the
path with quotes. Odd.
is used for specifying a login at a remote machine.
On my default Live Neon, the existing:

/etc/systemd/system/getty.target.wants/

...contains the file ***@tty1.service

... but the entire directory does not contain any directories w/ @, nor
any directories w/ *.d.
--
Mike Easter
Aragorn
2020-08-29 18:13:08 UTC
Permalink
Post by Mike Easter
Post by Jonathan N. Little
creates the override.conf file and path, but strangely inserts
and not
Why?
And you cannot manually modify either, it always reverts back to
the path with quotes. Odd.
this is used for specifying a login at a remote machine.
/etc/systemd/system/getty.target.wants/
nor any directories w/ *.d.
What the shell shows the filename to be and what it really is, isn't
always the same thing.

On my Manjaro system here, the shell will also always put single quotes
around any filename that has spaces or other funny characters in it,
but those single quotes are not part of the actual filename. It's just
how the shell presents the file to you, so that it wouldn't have to
print the backslash as an escape character before each of the funny
characters.

'This is a file.mpeg'

... is more readable than...

This\ is\ a\ file.mpeg

;)
--
With respect,
= Aragorn =
gamo
2020-08-29 18:40:14 UTC
Permalink
Post by Aragorn
Post by Mike Easter
Post by Jonathan N. Little
creates the override.conf file and path, but strangely inserts
and not
Why?
And you cannot manually modify either, it always reverts back to
the path with quotes. Odd.
this is used for specifying a login at a remote machine.
/etc/systemd/system/getty.target.wants/
nor any directories w/ *.d.
What the shell shows the filename to be and what it really is, isn't
always the same thing.
On my Manjaro system here, the shell will also always put single quotes
around any filename that has spaces or other funny characters in it,
but those single quotes are not part of the actual filename. It's just
how the shell presents the file to you, so that it wouldn't have to
print the backslash as an escape character before each of the funny
characters.
'This is a file.mpeg'
... is more readable than...
This\ is\ a\ file.mpeg
;)
BINGO! that's it, if you inspect the filename chr(39) doesn't even
exists, so you could be fooled. Thanks!

Ps: So the problem it's in the programs that could not handle it.
--
http://gamo.sdf-eu.org/
“Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer
in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is
taht the frist and lsat ltteer be at the rghit pclae. The rset can be
a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae
the huamn mnid deos not raed ervey lteter by istlef, but the wrod as
a wlohe.”
Mike Easter
2020-08-29 18:59:37 UTC
Permalink
Post by Aragorn
What the shell shows the filename to be and what it really is, isn't
always the same thing.
On my Manjaro system here, the shell will also always put single quotes
around any filename that has spaces or other funny characters in it,
but those single quotes are not part of the actual filename. It's just
how the shell presents the file to you, so that it wouldn't have to
print the backslash as an escape character before each of the funny
characters.
'This is a file.mpeg'
... is more readable than...
This\ is\ a\ file.mpeg
- I clearly accept that the space char is a problem.

However, if I find discussions of special chars for bash etc, that
doesn't really do the job. I did find a discussion which showed a
technique for determining which chars needed to be escaped, and the @
wasn't one of them.

https://stackoverflow.com/questions/15783701/which-characters-need-to-be-escaped-when-using-bash
https://stackoverflow.com/a/44581064
Post by Aragorn
No, character % does not need to be escaped
No, character + does not need to be escaped
No, character - does not need to be escaped
No, character . does not need to be escaped
No, character / does not need to be escaped
No, character : does not need to be escaped
No, character = does not need to be escaped
No, character _ does not need to be escaped
Yes, character needs to be escaped
Yes, character ! needs to be escaped
Yes, character " needs to be escaped
Yes, character # needs to be escaped
Yes, character $ needs to be escaped
Yes, character & needs to be escaped
Yes, character ' needs to be escaped
Yes, character ( needs to be escaped
Yes, character ) needs to be escaped
Yes, character * needs to be escaped
Yes, character , needs to be escaped
Yes, character ; needs to be escaped
Yes, character < needs to be escaped
Yes, character > needs to be escaped
Yes, character ? needs to be escaped
Yes, character [ needs to be escaped
Yes, character \ needs to be escaped
Yes, character ] needs to be escaped
Yes, character ^ needs to be escaped
Yes, character ` needs to be escaped
Yes, character { needs to be escaped
Yes, character | needs to be escaped
Yes, character } needs to be escaped
I don't really understand the strategy, tho...

? Maybe the systemctl edit logic is in error ?
--
Mike Easter
Aragorn
2020-08-30 06:59:16 UTC
Permalink
Post by Mike Easter
Post by Aragorn
What the shell shows the filename to be and what it really is, isn't
always the same thing.
On my Manjaro system here, the shell will also always put single
quotes around any filename that has spaces or other funny
characters in it, but those single quotes are not part of the
actual filename. It's just how the shell presents the file to you,
so that it wouldn't have to print the backslash as an escape
character before each of the funny characters.
'This is a file.mpeg'
... is more readable than...
This\ is\ a\ file.mpeg
- I clearly accept that the space char is a problem.
However, if I find discussions of special chars for bash etc, that
doesn't really do the job. I did find a discussion which showed a
wasn't one of them.
https://stackoverflow.com/questions/15783701/which-characters-need-to-be-escaped-when-using-bash
https://stackoverflow.com/a/44581064
Post by Aragorn
No, character % does not need to be escaped
No, character + does not need to be escaped
No, character - does not need to be escaped
No, character . does not need to be escaped
No, character / does not need to be escaped
The forward slash is illegal in a POSIX filename, as it is the directory
delimiter.
Post by Mike Easter
Post by Aragorn
No, character : does not need to be escaped
It does on my system.
Post by Mike Easter
Post by Aragorn
No, character = does not need to be escaped
No, character _ does not need to be escaped
Yes, character needs to be escaped
Yes, character ! needs to be escaped
Yes, character " needs to be escaped
Yes, character # needs to be escaped
Yes, character $ needs to be escaped
Yes, character & needs to be escaped
Yes, character ' needs to be escaped
Yes, character ( needs to be escaped
Yes, character ) needs to be escaped
Yes, character * needs to be escaped
Yes, character , needs to be escaped
Yes, character ; needs to be escaped
Yes, character < needs to be escaped
Yes, character > needs to be escaped
Yes, character ? needs to be escaped
Yes, character [ needs to be escaped
Yes, character \ needs to be escaped
Yes, character ] needs to be escaped
Yes, character ^ needs to be escaped
Yes, character ` needs to be escaped
Yes, character { needs to be escaped
Yes, character | needs to be escaped
Yes, character } needs to be escaped
I don't really understand the strategy, tho...
? Maybe the systemctl edit logic is in error ?
It might depend on either the shell options or on the filesystem type,
or both.
--
With respect,
= Aragorn =
Jonathan N. Little
2020-08-29 18:58:36 UTC
Permalink
Post by Aragorn
Post by Jonathan N. Little
Question on a strange observed behavior. I am developing a kiosk
system for the library's Public Access Catalog. This time instead of
futzing with kiosk modes of browsers, Chrome and Firefox where
securing them is a moving target, I build a minimal system with
python PyQt5 QTWebEngine. A lot easier to on ADD what you need
instead of using a full browser and trying to remove what you don't.
To have it auto launch in the kiosk user I had to override systemd's
creates the override.conf file and path, but strangely inserts single
and not
Why?
And you cannot manually modify either, it always reverts back to the
path with quotes. Odd.
is used for specifying a login at a remote machine.
Yep that's it. Strangely enough you can access without the ''.
--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
Continue reading on narkive:
Loading...