[systemd-devel] systemctl as non-root

Umut Tezduyar Lindskog umut at tezduyar.com
Fri May 29 01:54:00 PDT 2015


On Fri, May 29, 2015 at 10:23 AM, Andrei Borzenkov <arvidjaar at gmail.com> wrote:
> On Fri, May 29, 2015 at 11:05 AM, Umut Tezduyar Lindskog
> <umut at tezduyar.com> wrote:
>>>> > On May 28, 2015 2:28 PM, <Aaron_Wright at selinc.com> wrote:
>>>> >> I'm working on an embedded system, and I ran into a situation where
>>>> >> a non-root user needs to run systemctl, but when I try I get:
>>>> >> ~ $ systemctl status
>>>> >> Failed to get D-Bus connection: No such file or directory
>>>> >>
>>>> >> So, I try with the suid bit on systemctl set, but then I get:
>>>> >>
>>>> >> ~ $ systemctl status
>>>> >> Failed to read server status: Operation not permitted
>>>> >>
>>>> >> My question is, is something broken, or is this expected behavior?
>>>
>>> If you do not use the D-Bus daemon, systemd will be listening on a private
>>> socket. In this case the only check it does is that the peer runs as UID=0
>>> (note - not EUID, so suid does not really help).
>> I think with or without dbus systemd listens on the private socket
>> (/run/systemd/private).
>
> No, the private socket is used only as a fallback when full D-Bus is not available.

I don't think so.

root at lnxumuttl:/home/umuttl/Development# strace -f systemctl 2>&1 | grep connect
connect(3, {sa_family=AF_LOCAL, sun_path="/run/systemd/private"}, 22) = 0
root at lnxumuttl:/home/umuttl/Development# systemctl status dbus
● dbus.service - D-Bus System Message Bus
   Loaded: loaded (/lib/systemd/system/dbus.service; static)
   Active: active (running) since Tue 2015-05-26 16:43:56 CEST; 2 days ago
     Docs: man:dbus-daemon(1)
 Main PID: 967 (dbus-daemon)
   CGroup: /system.slice/dbus.service
           └─967 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation

