[systemd-devel] start user-service only with UID greater than 1000
Mantas Mikulėnas
grawity at gmail.com
Tue May 9 16:19:08 UTC 2017
That might be nice... but, how come your services register a logind session
in the first place? That doesn't happen unless something deliberately calls
pam_systemd – and the service startup process generally doesn't involve
calling PAM in the first place. So something doesn't add up. (Are you using
su?)
(GDM is an exception – the service is not in a logind session, but the
login screen (greeter) *is*, and it might rely on user@ being available
just like a regular GNOME session.)
On Tue, May 9, 2017, 18:09 Jakob Schürz <wertstoffe at nurfuerspam.de> wrote:
> Hi There!
>
> I have two services running in systemd --user, which should only be
> startet for login-users.
> If i put the service-file by a deb-package in /usr/lib/systemd/user, the
> service will also be started for Debian-exim, Debian-gdm and other users
> with a UID below 1000. And this is not "good"...
>
> Is there a mechanism in systemd --user to start services only for UIDs >
> 1000 (on Debian... other Distros may have the first login-user with
> UID=500... how can i catch this?)
> Or is it possible, to start Units only, if the user is in a special
> unix-group? For example a group called "cups-fuse" or "backup", then the
> service is startet in the users systemd only, if the user is in this group.
>
> For now i have a
>
> [Service]
> ExecStartPre=/bin/sh -c '/usr/bin/test %U -ge 1000'
>
> This produces a failed unit... That is not "beautiful" and leads to
> wrong thoughts, watching the journal.
>
> I need this services really only for logged in real users. Not
> Debian-gdm or Debian-exim. And i need a solution, to activate it per
> package-installation automatically for all the users who should be able
> to login...
>
> Maybe a Condition for a set usershell or another item, which identifies
> a user as a login-user...
>
> Any ideas or suggestions?
>
> regards
>
> jakob
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
--
Mantas Mikulėnas <grawity at gmail.com>
Sent from my phone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20170509/3f170c4c/attachment.html>
More information about the systemd-devel
mailing list