[systemd-devel] systemctl as non-root
Andrei Borzenkov
arvidjaar at gmail.com
Thu May 28 20:26:49 PDT 2015
On Thu, 28 May 2015 17:21:14 -0700
Aaron_Wright at selinc.com wrote:
> Brandon Philips <brandon at ifup.co> wrote on 05/28/2015 05:10:33 PM:
> > Access to the system dbus is controlled by dbus policies. You will
> > need to write a policy for giving this user access to the systemd1
> > object.
> >
>
> I compiled systemd without dbus support (--disable-dbus), and there is no
> dbus daemon or dbus lib on the system. Is that a requirement to get the
> functionality I want? I didn't see much need for dbus as the system works
> quite well without it. Well, except for this of course.
>
> > On May 28, 2015 2:28 PM, <Aaron_Wright at selinc.com> wrote:
> >> I'm working on an embedded system, and I ran into a situation where
> >> a non-root user needs to run systemctl, but when I try I get:
> >> ~ $ systemctl status
> >> Failed to get D-Bus connection: No such file or directory
> >>
> >> So, I try with the suid bit on systemctl set, but then I get:
> >>
> >> ~ $ systemctl status
> >> Failed to read server status: Operation not permitted
> >>
> >> My question is, is something broken, or is this expected behavior?

If you do not use the D-Bus daemon, systemd will be listening on a private
socket. In this case the only check it does is that the peer runs as UID=0
(note - not EUID, so suid does not really help).

I wonder how access control is implemented in the kdbus case.