[systemd-devel] Use of capabilities in default service files
David Herrmann
dh.herrmann at gmail.com
Tue Jul 21 04:40:23 PDT 2015
Hi
On Tue, Jul 21, 2015 at 1:24 PM, Florian Weimer <fweimer at redhat.com> wrote:
> And that's fine. But doing hardening for UID=0 services seems a very
> bad practice to me because it looks like someone is assuming that UID=0
> without capabilities is just another “nobody” user. Which is not
> surprising, because capabilities are often advertised that way.
The capability restrictions are used as additional access
restrictions. They're never treated as an ultimate/definite restriction.
If a service runs as uid=0, then there's usually an immediate need for
it. In most cases we drop access rights after setup. The only
exceptions I'm aware of are logind and pid1, which require uid=0 (if
run on host).
Thanks
David
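As an added illustration of the distinction drawn above (this script is not from the thread or from the systemd project), a POSIX shell check that classifies a unit file's privilege model, separating services that switch to an unprivileged User= from uid 0 services that only carry a CapabilityBoundingSet=. It assumes plain `Key=Value` lines with no whitespace around `=`, and the sample units it runs against are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or the systemd project. Reads the
# [Service] section of a unit file and reports which privilege model it uses:
#   unprivileged-user     User= names a non-root account
#   root-caps-restricted  uid 0 kept, CapabilityBoundingSet= present: the
#                         restriction is additional, not a "nobody" sandbox
#   root-unrestricted     uid 0 kept with no capability restriction
# Assumes plain "Key=Value" lines with no whitespace around "=".
classify_unit() {
    unit="$1"
    # last User= wins, mirroring systemd's "later assignment overrides"
    user=$(sed -n '/^\[Service\]/,/^\[/{s/^User=//p;}' "$unit" | tail -n 1)
    caps=$(sed -n '/^\[Service\]/,/^\[/{/^CapabilityBoundingSet=/p;}' "$unit")
    if [ -n "$user" ] && [ "$user" != "root" ]; then
        echo unprivileged-user
    elif [ -n "$caps" ]; then
        echo root-caps-restricted
    else
        echo root-unrestricted
    fi
}

# Constructed sample units for demonstration; returns 0 when every sample
# classifies as expected.
demo() {
    d=$(mktemp -d) || return 1
    printf '[Unit]\nDescription=constructed sample\n\n[Service]\nExecStart=/bin/true\nCapabilityBoundingSet=CAP_NET_BIND_SERVICE\n' > "$d/a.service"
    printf '[Service]\nUser=nobody\nExecStart=/bin/true\n' > "$d/b.service"
    printf '[Service]\nUser=root\nExecStart=/bin/true\n' > "$d/c.service"
    rc=0
    [ "$(classify_unit "$d/a.service")" = root-caps-restricted ] || rc=1
    [ "$(classify_unit "$d/b.service")" = unprivileged-user ] || rc=1
    [ "$(classify_unit "$d/c.service")" = root-unrestricted ] || rc=1
    rm -rf "$d"
    return $rc
}
```

Run `classify_unit /path/to/foo.service` over a directory of units to list which root services rely on capability restrictions alone.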