From 9697fbae73b44ed3997d0315828f5782bea15e59 Mon Sep 17 00:00:00 2001 From: rob thijssen Date: Thu, 16 Apr 2026 13:32:36 +0300 Subject: [PATCH] fix(neuron): run service as neuron user, not cortex neuron and cortex are independent packages installable on different hosts. Having neuron run under a 'cortex' system user implied a shared identity that doesn't exist. Give neuron its own user/group. - New data/neuron-sysusers.conf declares the neuron user/group with home /var/lib/neuron. - systemd unit User/Group changed to neuron. - Spec file attrs, explicit Provides, and %sysusers_create_compat updated to reference the neuron user. Co-Authored-By: Claude Opus 4.6 (1M context) --- data/neuron-sysusers.conf | 3 +++ data/neuron.service | 4 ++-- neuron.spec | 18 +++++++++--------- 3 files changed, 14 insertions(+), 11 deletions(-) create mode 100644 data/neuron-sysusers.conf diff --git a/data/neuron-sysusers.conf b/data/neuron-sysusers.conf new file mode 100644 index 0000000..8f9cc90 --- /dev/null +++ b/data/neuron-sysusers.conf @@ -0,0 +1,3 @@ +g neuron - - +u neuron - "Neuron GPU node daemon" /var/lib/neuron /sbin/nologin +m neuron neuron diff --git a/data/neuron.service b/data/neuron.service index bcb0e34..84428dd 100644 --- a/data/neuron.service +++ b/data/neuron.service @@ -8,8 +8,8 @@ Type=simple ExecStart=/usr/bin/neuron --config /etc/neuron/neuron.toml Restart=on-failure RestartSec=5 -User=cortex -Group=cortex +User=neuron +Group=neuron [Install] WantedBy=multi-user.target diff --git a/neuron.spec b/neuron.spec index 96620ac..c1448da 100644 --- a/neuron.spec +++ b/neuron.spec @@ -22,11 +22,11 @@ BuildRequires: systemd-rpm-macros Requires(pre): shadow-utils Requires: systemd -# rpm's sysusers provides-generator only emits versioned user(cortex) when -# the u-line has GECOS/home/shell fields. %attr(,,cortex) in %files emits -# an unversioned Requires: user(cortex), so we provide it explicitly. -Provides: user(cortex) -Provides: group(cortex) +# rpm's sysusers provides-generator only emits versioned user(neuron) when +# the u-line has GECOS/home/shell fields. %attr(,,neuron) in %files emits +# an unversioned Requires: user(neuron), so we provide it explicitly. +Provides: user(neuron) +Provides: group(neuron) %description Neuron is a per-node daemon for cortex inference clusters. It discovers @@ -51,12 +51,12 @@ cargo build --release -p neuron %install install -Dm755 target/release/neuron %{buildroot}%{_bindir}/neuron install -Dm644 data/neuron.service %{buildroot}%{_unitdir}/neuron.service -install -Dm644 data/cortex-sysusers.conf %{buildroot}%{_sysusersdir}/neuron.conf +install -Dm644 data/neuron-sysusers.conf %{buildroot}%{_sysusersdir}/neuron.conf install -dm750 %{buildroot}%{_sysconfdir}/neuron install -Dm640 neuron.example.toml %{buildroot}%{_sysconfdir}/neuron/neuron.toml %pre -%sysusers_create_compat %{_builddir}/%{name}-%{version}/data/cortex-sysusers.conf +%sysusers_create_compat %{_builddir}/%{name}-%{version}/data/neuron-sysusers.conf %post %systemd_post neuron.service @@ -73,8 +73,8 @@ install -Dm640 neuron.example.toml %{buildroot}%{_sysconfdir}/neuron/neuron.toml %{_bindir}/neuron %{_unitdir}/neuron.service %{_sysusersdir}/neuron.conf -%dir %attr(750,root,cortex) %{_sysconfdir}/neuron -%config(noreplace) %attr(640,root,cortex) %{_sysconfdir}/neuron/neuron.toml +%dir %attr(750,root,neuron) %{_sysconfdir}/neuron +%config(noreplace) %attr(640,root,neuron) %{_sysconfdir}/neuron/neuron.toml %changelog * Tue Apr 15 2026 Rob Thijssen - 0.1.0-1