[systemd-devel] SocketUser and SocketGroup?
Josh Triplett
josh at joshtriplett.org
Sat Jan 25 12:58:55 PST 2014
Some daemons provide an access-controlled service via UNIX domain
sockets that have a specified user or group, and a mode like 0660. For
instance, clamd does this. systemd .socket units don't support setting
the user or group; systemd always creates sockets as root:root. This
prevents replacing the socket setup code in such daemons with socket
activation, or requires workarounds such as shelling out to chown.
Commit aea54018a5e66a41318afb6c6be745b6aef48d9e
(http://cgit.freedesktop.org/systemd/systemd/commit/?id=aea54018a5e66a41318afb6c6be745b6aef48d9e)
added support for SocketUser and SocketGroup options, to set the
user and group for a UNIX domain socket or FIFO. However, commit
e4f44e734c4f397ee5e7ba3270e014a8ae0043dd
(http://cgit.freedesktop.org/systemd/systemd/commit/?id=e4f44e734c4f397ee5e7ba3270e014a8ae0043dd)
shortly afterward reverted that, removing the new options.
Is this due to the issues with touching NSS from PID 1?
What might it take to add those options back?
- Josh Triplett
More information about the systemd-devel
mailing list