[systemd-devel] DynamicUser and root:root/0640 configuration in /etc

Igor Gnatenko i.gnatenko.brain at gmail.com
Fri Jan 31 12:35:26 UTC 2020


Hello,

I am writing a systemd service for a piece of software and I found out
a very nice thing: you don't have to create users just for the service,
and it can be done via DynamicUser at runtime.

However, the software has a configuration file in /etc/foo where
sensitive credentials are stored, so /etc/foo is owned by root:root
and /etc/foo/config is owned the same way and has 640 permissions.

If I use DynamicUser, it can't read /etc/foo/config due to
permissions. I have tried to set ConfigurationDirectory=foo, but that
does not change permissions on those files... In the end, I found that
SupplementaryGroups=root fixes the problem, but I think this destroys
the whole purpose of DynamicUser.

Am I doing something wrong? Any suggestions on how to deal with this?
-- 
-Igor Gnatenko
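
The concern above about SupplementaryGroups=root can be made concrete. The following is an added example, not part of the original post: it lists which files become readable to a dynamic-user service once GID 0 is added to its supplementary groups. The UID/GID 61234, the sample entries other than /etc/foo/config, and all function names are constructed for illustration; only classic owner/group/other mode bits are modelled (no ACLs, directory search permission, or capabilities).

```python
import os
import stat
from collections import namedtuple

# path, owner uid, owner gid, st_mode (including file-type bits)
Entry = namedtuple("Entry", "path uid gid mode")

def can_read(e, uid, groups):
    """Unix DAC read check: exactly one permission class applies."""
    if e.uid == uid:
        return bool(e.mode & stat.S_IRUSR)
    if e.gid in groups:
        return bool(e.mode & stat.S_IRGRP)
    return bool(e.mode & stat.S_IROTH)

def newly_readable(entries, uid, base_groups, extra_gid=0):
    """Regular files unreadable with base_groups but readable once
    extra_gid (default: root's GID 0) is a supplementary group."""
    widened = set(base_groups) | {extra_gid}
    return [e.path for e in entries
            if stat.S_ISREG(e.mode)
            and not can_read(e, uid, base_groups)
            and can_read(e, uid, widened)]

def scan(root):
    """Collect ownership and mode for every file under root (lstat only,
    so file contents are never opened)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            yield Entry(path, st.st_uid, st.st_gid, st.st_mode)

# Constructed sample mirroring the layout described in the message.
REG = stat.S_IFREG
SAMPLE = [
    Entry("/etc/foo/config", 0, 0, REG | 0o640),         # the intended file
    Entry("/etc/other/secret.conf", 0, 0, REG | 0o640),  # collateral exposure
    Entry("/etc/hostname", 0, 0, REG | 0o644),           # already world-readable
    Entry("/etc/foo/private.key", 0, 0, REG | 0o600),    # stays unreadable
]
DYN_UID = DYN_GID = 61234  # constructed; inside systemd's dynamic UID range

if __name__ == "__main__":
    for path in newly_readable(scan("/etc"), DYN_UID, {DYN_GID}):
        print(path)
```

Run on a real host, the output is every root-group file whose group-read bit would be opened to the service, not just /etc/foo/config.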

