[systemd-devel] User service with suid executable
Martin Novák
mtnvk at seznam.cz
Thu Jan 7 15:14:48 PST 2016
Hello,
I've created this (toy) user service for running the desktop of a different
user:
[Service]
ExecStart=/bin/sudo -u testuser DISPLAY=:7 xfce4-session
The problem is that after starting this service, the following does not
work:
$ systemctl --user stop testuser-desktop
because the UID (real and effective) of the sudo process is 0 and
systemd just gives up after several tries and treats the service as
dead:
Dec 25 04:44:18 localhost systemd[1275]: testuser-desktop.service: Failed to kill main process 1925 (sudo): Operation not permitted
Dec 25 04:44:18 localhost systemd[1275]: testuser-desktop.service: Failed to kill main process 1925 (sudo): Operation not permitted
Dec 25 04:44:18 localhost systemd[1275]: testuser-desktop.service: Failed to kill main process 1925 (sudo): Operation not permitted
Dec 25 04:44:18 localhost systemd[1275]: testuser-desktop.service: Failed to kill main process 1925 (sudo): Operation not permitted
I've learned the following hack which makes it work:
[Service]
ExecStart=/bin/bash -c '/bin/sudo -u testuser DISPLAY=:7 xfce4-session && :'
The ' && :' is needed there because without it bash would just exec the
argument and become root. Now, after systemd sends a signal (TERM? INT?)
to the bash process, bash kills the sudo process via tty layer magic.
Is there any cleaner way to have a user service running a suid
executable?
Thank you.
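The fork-versus-exec distinction behind the ' && :' trick can be checked without systemd. The script below is an added example, not code from the post or from systemd; it assumes bash and /bin/sh are installed and uses a constructed stand-in command (sh -c 'echo $PPID') in place of sudo -u testuser DISPLAY=:7 xfce4-session, so that the command reports who its parent is.

```sh
#!/bin/sh
# Added example (not from the post): shows why 'bash -c "CMD"' leaves the
# service's main process as CMD itself (bash execs it without forking), while
# 'bash -c "CMD && :"' forces bash to fork and stay alive as CMD's parent.
# With sudo as CMD, the exec'd form makes a root-owned process the main PID,
# which an unprivileged user manager cannot signal (the EPERM in the log).

# Constructed stand-in for 'sudo -u testuser DISPLAY=:7 xfce4-session':
# a command that just prints its parent PID so we can see who sits above it.
PROBE="sh -c 'echo \$PPID'"

# Run SCRIPT through 'bash -c' in the background, then compare the PPID
# reported by the probe with the PID of the bash wrapper itself.
# Prints "exec" when bash replaced itself with the probe (same PID chain as
# the plain ExecStart=/bin/sudo ... case) and "fork" when bash is still the
# probe's parent (the ' && :' case).
wrapper_mode() {
    script=$1
    out=$(
        bash -c "$script" &
        wrapper=$!
        wait "$wrapper"
        echo "$wrapper"
    )
    set -- $out    # $1 = PPID seen by the probe, $2 = PID of the bash wrapper
    if [ "$1" = "$2" ]; then
        echo fork
    else
        echo exec
    fi
}

# Usage:
#   wrapper_mode "$PROBE"          # -> exec   (bash -c 'CMD')
#   wrapper_mode "$PROBE && :"     # -> fork   (bash -c 'CMD && :')
```

In the "exec" case the only process systemd sees is the command itself; when that command is sudo, its real and effective UID are 0 and the user manager's kill() fails. In the "fork" case the wrapper shell (owned by the calling user) remains the main process, so the user manager can at least signal it.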