[systemd-devel] Cannot call GetUnit method with ssh
Mantas Mikulėnas
grawity at gmail.com
Tue Mar 12 11:20:14 UTC 2019
On Tue, Mar 12, 2019 at 1:17 PM Bao Nguyen <baondt at gmail.com> wrote:
> Hi again,
>
> I tried to add the LDAP user in /etc/dbus-1/system.conf policy and then
> send signal SIGHUP to reload the configuration, also for dbus flush user
> cache, but dbus said that
>
> Unknown username "ldap_demo" on element <allow>
> Reloaded configuration
>
Hold on – why are you whitelisting individual users for systemd.GetMethod()?
>
> I search the source code in dbus. it will
> call _dbus_get_user_id_and_primary_group ,
> then _dbus_user_database_get_system to search user ldap_demo in its
> database but I am not clear how this database is built. Could you please
> help me for that?
> Is there anyway to make dbus aware the new user except restart dbus?
>
> If I restart dbus, does it have any impact to the system?
>
Yes; it closes all existing bus connections, which may cause many services
to exit.
>
> Thanks,
> Brs,
> Bao
>
>
> On Fri, Mar 8, 2019 at 5:54 PM Lennart Poettering <lennart at poettering.net>
> wrote:
>
>> On Fr, 08.03.19 11:59, Mantas Mikulėnas (grawity at gmail.com) wrote:
>>
>> > > dbus policy can only reference users that are available locally at any
>> > > time, i.e. generally system users, not human users.
>> > >
>> > >
>> > Hmm, but in this case, the client seems to be completely refused access
>> to
>> > the bus – not just blocked by policy from sending some message. The
>> system
>> > bus normally allows any user to connect (I mean, I have no problems
>> > accessing it from an LDAP account), so I'm not sure why the bus config
>> > should matter at this point.
>>
>> At this point this is probably something to move to the dbus list... I
>> don#t remember how precisely dbus-daemon authenticates stuff, I just
>> have a rough idea.
>>
>> Lennart
>>
>> --
>> Lennart Poettering, Red Hat
>>
>
--
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20190312/2edbb7ba/attachment.html>
More information about the systemd-devel
mailing list