[systemd-devel] [PATCH] Create a new logind session from a systemd --user unit

Abdó Roig-Maranges abdo.roig at gmail.com
Mon Jul 29 09:19:07 PDT 2013


> Then, I want to manually launch my window manager, in a new logind session for
> my user, on a different tty.
> I tried adding User and PAMName to my window manager unit awesome.service
> <...>
> The unit fails with message
> systemd[21209]: Failed at step GROUP spawning /home/abdo/.config/systemd/scripts/awesome.sh: Operation not permitted

Ok, more to the point.

I think initgroups in core/execute.c always needs privileges. It is always
called when User=blah is set on a service file and always fails on systemd user
instances for unprivileged users. This prevents from using PAM within a systemd
user instance, for example.

I attach a patch that makes a call to initgroups only when we ask for a
different user than the one for the running instance (when the group access list
may be different). I'm not certain whether this would break something else,

Also, there is dbus policy preventing from accessing the CreateSession method
in logind1.Manager from unprivileged users. Is this intentional? 


Abdó Roig.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd-initgroups.patch
Type: text/x-diff
Size: 1840 bytes
Desc: initgroups patch
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20130729/0ce0a023/attachment.patch>

More information about the systemd-devel mailing list