[systemd-devel] systemctl as non-root

Lennart Poettering lennart at poettering.net
Fri May 29 03:04:04 PDT 2015


On Fri, 29.05.15 10:54, Umut Tezduyar Lindskog (umut at tezduyar.com) wrote:

> On Fri, May 29, 2015 at 10:23 AM, Andrei Borzenkov <arvidjaar at gmail.com> wrote:
> > On Fri, May 29, 2015 at 11:05 AM, Umut Tezduyar Lindskog
> > <umut at tezduyar.com> wrote:
> >>>> > On May 28, 2015 2:28 PM, <Aaron_Wright at selinc.com> wrote:
> >>>> >> I'm working on an embedded system, and I ran into a situation where
> >>>> >> a non-root user needs to run systemctl, but when I try I get:
> >>>> >> ~ $ systemctl status
> >>>> >> Failed to get D-Bus connection: No such file or directory
> >>>> >>
> >>>> >> So, I try with the suid bit on systemctl set, but then I get:
> >>>> >>
> >>>> >> ~ $ systemctl status
> >>>> >> Failed to read server status: Operation not permitted
> >>>> >>
> >>>> >> My question is, is something broken, or is this expected behavior?
> >>>
> >>> If you do not use D-Bus daemon systemd will be listening on private
> >>> socket. In this case the only check it does is that peer runs as UID=0
> >>> (note - not EUID, so suid does not really help).
> >> I think with or without dbus systemd listens on the private socket
> >> (/run/systemd/private).
> >
> > No, private socket is used only as fallback when full D-Bus is not available.
> 
> I don't think so.
> 
> root at lnxumuttl:/home/umuttl/Development# strace -f systemctl 2>&1 | grep connect
> connect(3, {sa_family=AF_LOCAL, sun_path="/run/systemd/private"}, 22) = 0
> root at lnxumuttl:/home/umuttl/Development# systemctl status dbus
> ● dbus.service - D-Bus System Message Bus
>    Loaded: loaded (/lib/systemd/system/dbus.service; static)
>    Active: active (running) since Tue 2015-05-26 16:43:56 CEST; 2 days ago
>      Docs: man:dbus-daemon(1)
>  Main PID: 967 (dbus-daemon)
>    CGroup: /system.slice/dbus.service
>            └─967 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation

We always listen on the private socket. We also listen on the proper
bus, but only if dbus-daemon is actually running.

Lennart

-- 
Lennart Poettering, Red Hat
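
The kind of peer check discussed in this thread, as an added example that is not from the thread and is not systemd's code: a server listening on an AF_UNIX socket asks the kernel for the connecting peer's credentials with SO_PEERCRED and allows only one uid. The socket path, the function names and the single-process client/server setup are assumptions for illustration; SO_PEERCRED is Linux-specific.

```python
import os
import socket
import struct
import tempfile

# Layout of struct ucred returned by SO_PEERCRED on Linux:
# pid_t pid, uid_t uid, gid_t gid (one signed and two unsigned 32-bit ints).
UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) the kernel recorded for the other end of conn."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def authorize(conn, allowed_uid=0):
    """Allow the peer only if the kernel-reported uid equals allowed_uid.

    The values come from the kernel, not from anything the client sends,
    so the client cannot claim a different identity in its messages.
    """
    pid, uid, gid = peer_credentials(conn)
    return uid == allowed_uid, (pid, uid, gid)


def demo(allowed_uid=0):
    """Listen on a private socket, connect to it, and authorize the client."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "private")  # hypothetical socket path
        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            server.bind(path)
            server.listen(1)
            client.connect(path)        # queued in the listen backlog
            conn, _ = server.accept()
            try:
                return authorize(conn, allowed_uid)
            finally:
                conn.close()
        finally:
            client.close()
            server.close()


if __name__ == "__main__":
    ok, (pid, uid, gid) = demo()
    verdict = "allowed" if ok else "Operation not permitted"
    print(f"peer pid={pid} uid={uid} gid={gid} -> {verdict}")
```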

