[systemd-devel] Best way to limit per-user system-wide units

Michael Chapman mike at very.puzzling.org
Tue Dec 13 22:56:13 UTC 2016

On Wed, 14 Dec 2016, Samuel Williams wrote:
> The nice thing about sudo is that it is a general framework that is
> well tested, well documented, and works everywhere... polkit, less so.
> Even with the best of intentions, looking at how well people have
> managed to script security features (e.g. look at the whole ethereum
> contract fiasco), stuff in that PR makes me a bit worried. What's the
> chance someone screws up a security rule? JavaScript is only a small
> step up from PHP in terms of semantic rigour, so I'd be concerned
> about that too.

Well, given I opened the PR, I'd hope the chance is very low -- at least, 
no more than sudo. At least the JavaScript is given a minimal standard 
library, it's sandboxed and run as an unprivileged user. :-p

I always think the problem with sudo is that it turns "mere bugs" into 
security vulnerabilities. systemctl was designed to be run both by root 
and by users -- but if there's a bug in it, then such a bug does not on 
its own grant users any more privileges than they would have normally. It 
wasn't designed to be run _as_ root _by_ a user; so using systemctl 
through sudo is effectively using it outside its design parameters.

Anyhow, this isn't really the right time or place to discuss sudo vs other 
authentication frameworks. I'm afraid I don't have any better suggestions 

- Michael

More information about the systemd-devel mailing list