fix(neuron): run service as neuron user, not cortex

neuron and cortex are independent packages installable on different hosts. Having neuron run under a 'cortex' system user implied a shared identity that doesn't exist. Give neuron its own user/group. - New data/neuron-sysusers.conf declares the neuron user/group with home /var/lib/neuron. - systemd unit User/Group changed to neuron. - Spec file attrs, explicit Provides, and %sysusers_create_compat updated to reference the neuron user. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 13:32:36 +03:00
parent 2ce1060cb8
commit db8ad309b4
3 changed files with 14 additions and 11 deletions
--- a/data/neuron-sysusers.conf
+++ b/data/neuron-sysusers.conf
@@ -0,0 +1,3 @@
+g neuron - -
+u neuron - "Neuron GPU node daemon" /var/lib/neuron /sbin/nologin
+m neuron neuron
--- a/data/neuron.service
+++ b/data/neuron.service
@@ -8,8 +8,8 @@ Type=simple
 ExecStart=/usr/bin/neuron --config /etc/neuron/neuron.toml
 Restart=on-failure
 RestartSec=5
-User=cortex
-Group=cortex
+User=neuron
+Group=neuron

 [Install]
 WantedBy=multi-user.target
--- a/neuron.spec
+++ b/neuron.spec
@@ -22,11 +22,11 @@ BuildRequires:  systemd-rpm-macros
 Requires(pre):  shadow-utils
 Requires:       systemd

-# rpm's sysusers provides-generator only emits versioned user(cortex) when
-# the u-line has GECOS/home/shell fields. %attr(,,cortex) in %files emits
-# an unversioned Requires: user(cortex), so we provide it explicitly.
-Provides:       user(cortex)
-Provides:       group(cortex)
+# rpm's sysusers provides-generator only emits versioned user(neuron) when
+# the u-line has GECOS/home/shell fields. %attr(,,neuron) in %files emits
+# an unversioned Requires: user(neuron), so we provide it explicitly.
+Provides:       user(neuron)
+Provides:       group(neuron)

 %description
 Neuron is a per-node daemon for cortex inference clusters. It discovers
@@ -51,12 +51,12 @@ cargo build --release -p neuron
 %install
 install -Dm755 target/release/neuron %{buildroot}%{_bindir}/neuron
 install -Dm644 data/neuron.service %{buildroot}%{_unitdir}/neuron.service
-install -Dm644 data/cortex-sysusers.conf %{buildroot}%{_sysusersdir}/neuron.conf
+install -Dm644 data/neuron-sysusers.conf %{buildroot}%{_sysusersdir}/neuron.conf
 install -dm750 %{buildroot}%{_sysconfdir}/neuron
 install -Dm640 neuron.example.toml %{buildroot}%{_sysconfdir}/neuron/neuron.toml

 %pre
-%sysusers_create_compat %{_builddir}/%{name}-%{version}/data/cortex-sysusers.conf
+%sysusers_create_compat %{_builddir}/%{name}-%{version}/data/neuron-sysusers.conf

 %post
 %systemd_post neuron.service
@@ -73,8 +73,8 @@ install -Dm640 neuron.example.toml %{buildroot}%{_sysconfdir}/neuron/neuron.toml
 %{_bindir}/neuron
 %{_unitdir}/neuron.service
 %{_sysusersdir}/neuron.conf
-%dir %attr(750,root,cortex) %{_sysconfdir}/neuron
-%config(noreplace) %attr(640,root,cortex) %{_sysconfdir}/neuron/neuron.toml
+%dir %attr(750,root,neuron) %{_sysconfdir}/neuron
+%config(noreplace) %attr(640,root,neuron) %{_sysconfdir}/neuron/neuron.toml

 %changelog
 * Tue Apr 15 2026 Rob Thijssen <grenade@rob.tn> - 0.1.0-1