[systemd-devel] Extend service runtime

Mantas Mikulėnas grawity at gmail.com
Mon May 4 22:11:02 UTC 2020 

On Mon, May 4, 2020, 23:31 Andy Pieters <systemd at andypieters.me.uk> wrote:

> On Mon, 4 May 2020 at 15:51, Andy Pieters <systemd at andypieters.me.uk>
> wrote:
>
>> Hi
>>
>> I'm trying to accomplish the following:
>>
>> An event happens -> I start a systemd service in response
>>   after RuntimeMaxSec is reached service terminates and cleans up event
>>
>> Should a second event happen whilst RuntimeMaxSec is not yet reached the
>>  preference would be to reset RuntimeMaxSec of the service
>>
>> Alternatively, I suppose I could shut down the service and restart it in
>> reply to
>> a second or third or fourth event happening.
>>
>> Any suggestions here?
>>
>>
> OK, I will give more info on what I want to do.
> I have SSH login which requires 2FA. I use PAM to check if user belongs to
> group x
> If user is in group X, normal authentication is performed
> If user is not in group X, then 2F authentication is required.
>
> That part is already working.
>
> What I want to achieve:
> a) when a user logs on using 2F authentication, add user to group x
> b) after a delay remove user from group x
>

So this is basically for implementing sudo-like caching for 2FA?

What authentication methods are involved here?

Seems like there are better ways than a service file that permanently
modifies /etc/group in the first place... Like a PAM module that literally
touches a timestamp file.


> That part is trivial to do with some service file, either by starting a
> timer, or
> using systemd-run or setting RuntimeMaxSec on a dummy service and using
> the ExecStop= to remove the user from group x.
>
> The problem:
> * every new login in between a) and b) above should restart the delay
> timing
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20200505/786efe7c/attachment-0001.htm>

More information about the systemd-devel mailing list