Resposta para # 3:
Confira as diretivas RuntimeDirectory=
& RuntimeDirectoryMode=
. Documentos completos aqui . Mas em resumo (pequena modificação no texto, mas a essência deve permanecer):
RuntimeDirectory=
This option take a whitespace-separated list of directory names. The
specified directory names must be relative, and may not include "..". If
set, one or more directories by the specified names will be created
(including their parents) below /run (for system services) or below
$XDG_RUNTIME_DIR (for user services) when the unit is started. Also, the
$RUNTIME_DIRECTORY environment variable is defined with the full path of
directories. If multiple directories are set, then in the environment
variable the paths are concatenated with colon (":").
The innermost subdirectories are removed when the unit is stopped. It is
possible to preserve the specified directories in this case if
RuntimeDirectoryPreserve= is configured to restart or yes. The innermost
specified directories will be owned by the user and group specified in
User= and Group=.
If the specified directories already exist and their owning user or group
do not match the configured ones, all files and directories below the
specified directories as well as the directories themselves will have their
file ownership recursively changed to match what is configured. As an
optimization, if the specified directories are already owned by the right
user and group, files and directories below of them are left as-is, even if
they do not match what is requested. The innermost specified directories
will have their access mode adjusted to the what is specified in
RuntimeDirectoryMode=.
Use RuntimeDirectory= to manage one or more runtime directories for the
unit and bind their lifetime to the daemon runtime. This is particularly
useful for unprivileged daemons that cannot create runtime directories in
/run due to lack of privileges, and to make sure the runtime directory is
cleaned up automatically after use. For runtime directories that require
more complex or different configuration or lifetime guarantees, please
consider using tmpfiles.d(5).
RuntimeDirectoryMode=
Specifies the access mode of the directories specified in
RuntimeDirectory= as an octal number. Defaults to 0755. See "Permissions"
in path_resolution(7) for a discussion of the meaning of permission bits.
Então, para alavancar isso, isso deve fazer o truque:
[Unit]
Description=Startup Thing
[Service]
Type=oneshot
ExecStart=/usr/bin/python3 -u /opt/thing/doStartup
WorkingDirectory=/opt/thing
StandardOutput=journal
User=thingUser
# Make sure the /run/thing directory exists
PermissionsStartOnly=true
RuntimeDirectory=thing
RuntimeDirectoryMode=0777
[Install]
WantedBy=multi-user.target
ExecStartPre
execução é raiz é aPermissionsStartOnly=true
diretiva. Ele restringe aUser
diretiva apenas aoExecStart
comando. Veja freedesktop.org/software/systemd/man/systemd.service.html