[systemd-devel] systemctl as non-root

Umut Tezduyar Lindskog umut at tezduyar.com
Fri May 29 01:05:48 PDT 2015


On Fri, May 29, 2015 at 5:26 AM, Andrei Borzenkov <arvidjaar at gmail.com> wrote:
> On Thu, 28 May 2015 17:21:14 -0700
> Aaron_Wright at selinc.com wrote:
>
>> Brandon Philips <brandon at ifup.co> wrote on 05/28/2015 05:10:33 PM:
>> > Access to the system dbus is controlled by dbus policies. You will
>> > need to write a policy for giving this user access to the systemd1
>> > object.
>> >
>>
>> I compiled systemd without dbus support (--disable-dbus), and there is no
>> dbus daemon or dbus lib on the system. Is that a requirement to get the
>> functionality I want? I didn't see much need for dbus as the system works
>> quite well without it. Well, except for this of course.
>>
>> > On May 28, 2015 2:28 PM, <Aaron_Wright at selinc.com> wrote:
>> >> I'm working on an embedded system, and I ran into a situation where
>> >> a non-root user needs to run systemctl, but when I try I get:
>> >> ~ $ systemctl status
>> >> Failed to get D-Bus connection: No such file or directory
>> >>
>> >> So, I try with the suid bit on systemctl set, but then I get:
>> >>
>> >> ~ $ systemctl status
>> >> Failed to read server status: Operation not permitted
>> >>
>> >> My question is, is something broken, or is this expected behavior?
>
> If you do not use D-Bus daemon systemd will be listening on private
> socket. In this case the only check it does is that peer runs as UID=0
> (note - not EUID, so suid does not really help).
I think with or without dbus systemd listens on the private socket
(/run/systemd/private).
Umut
>
> I wonder how access control is implemented in kdbus case.
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

