[systemd-devel] systemctl as non-root

Andrei Borzenkov arvidjaar at gmail.com
Thu May 28 20:26:49 PDT 2015


On Thu, 28 May 2015 17:21:14 -0700
Aaron_Wright at selinc.com wrote:

> Brandon Philips <brandon at ifup.co> wrote on 05/28/2015 05:10:33 PM:
> > Access to the system dbus is controlled by dbus policies. You will
> > need to write a policy for giving this user access to the systemd1
> > object.
> >
> 
> I compiled systemd without dbus support (--disable-dbus), and there is no 
> dbus daemon or dbus lib on the system. Is that a requirement to get the 
> functionality I want? I didn't see much need for dbus as the system works 
> quite well without it. Well, except for this of course.
> 
> > On May 28, 2015 2:28 PM, <Aaron_Wright at selinc.com> wrote:
> >> I'm working on an embedded system, and I ran into a situation where 
> >> a non-root user needs to run systemctl, but when I try I get: 
> >> ~ $ systemctl status 
> >> Failed to get D-Bus connection: No such file or directory 
> >> 
> >> So, I try with the suid bit on systemctl set, but then I get: 
> >> 
> >> ~ $ systemctl status 
> >> Failed to read server status: Operation not permitted 
> >> 
> >> My question is, is something broken, or is this expected behavior?

If you do not use the D-Bus daemon, systemd will be listening on a private
socket. In this case the only check it does is that the peer runs as UID=0
(note - not EUID, so suid does not really help).

I wonder how access control is implemented in the kdbus case.

