[systemd-devel] Portable service and bind paths

Lennart Poettering lennart at poettering.net
Mon Jan 6 12:40:02 UTC 2020


On So, 05.01.20 19:25, Claes H (claesatwork at gmail.com) wrote:

> Turns out the problem was not with the mount - that was working well.
> Instead it was a user problem and I did not realize the process ran as
> root and used a different home directory.
> When I added the user homeassistant in the host and added it to the
> User= configuration in the service file it worked
> But this required the "admin" of the host to do something additional,
> it did not work "out of the box".
>
> I was thinking - how is it supposed to work with a portable service,
> which user is it recommended to run as?
> Maybe portablectl attach should create the user the service has
> declared, if it does not exist already?
> Or should there be a general user that portable services run as?
> Interested to hear if there is any recommendation for how a portable
> service "packager" should define the user aspect of the service

If possible use DynamicUser=1, i.e. have a short-lived user that only
exists while your service is running.

For some use cases that doesn't work though. There's a TODO list item,
to add AllocateUser= as new switch to create a user persistently on
first start, as an alternative for such cases. Nobody worked on that
yet though. And of course, it's much less sexy since for such users
the portable services would suddenly leave traces on the system, in a
way that is never cleaned up...

Lennart

--
Lennart Poettering, Berlin
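
An added example, not part of the original message or the systemd project's own files: a sketch of how a portable service unit could switch from a static User= to DynamicUser= while keeping persistent data without a home directory. The unit name, the paths and the ExecStart= command line are assumptions for illustration.

```ini
# homeassistant.service (constructed example; names and paths are assumptions)

[Unit]
Description=Home Assistant (portable service)

[Service]
# Before: a static account. This only works if the host admin has already
# created the "homeassistant" user, which is the extra step described in
# the thread.
# User=homeassistant

# After: a UID/GID is allocated when the service starts and released when
# it stops, so nothing has to exist on the host beforehand.
DynamicUser=yes

# DynamicUser=yes implies ProtectSystem=strict and ProtectHome=read-only,
# so the service cannot write to a home directory. Persistent data goes
# into a state directory instead: systemd creates it under
# /var/lib/private/, makes it reachable as /var/lib/homeassistant, fixes
# its ownership for the dynamic user on each start, and exports the path
# as $STATE_DIRECTORY.
StateDirectory=homeassistant

# Point the program at the state directory rather than at root's or
# another user's home.
Environment=HOME=/var/lib/homeassistant
WorkingDirectory=/var/lib/homeassistant

# Assumed install path inside the portable image.
ExecStart=/usr/bin/hass --config /var/lib/homeassistant
```

Because the state directory is managed by systemd, a host bind mount for writable data is not needed here, and the only thing left behind after the service stops is the data under /var/lib/private/.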

