[systemd-devel] Syntax check for a new service?

Mantas Mikulėnas grawity at gmail.com
Tue Mar 1 14:06:06 UTC 2022


On Tue, Mar 1, 2022 at 2:32 PM Tom Browder <tom.browder at gmail.com> wrote:

> On Sat, Feb 26, 2022 at 12:06 Mantas Mikulėnas <grawity at gmail.com> wrote:
> ...
>
>> Use the Environment= option to set environment variables.
>>
>
> Thanks, Mantas. That works great.
>
> One more question: I'm thinking of making the service have myself as the
> user (non-privileged). Is that a bad practice since I'm also the root user
> (and currently the only user)?
>

That actually makes it relatively privileged – it has full access to *your*
files and processes... So unless accessing your data is the service's
explicit purpose (e.g. Transmission or MPD or Xvnc), then it should have
its own account, or at least have something like an AppArmor policy loaded.

[1] Obligatory https://xkcd.com/1200/

-- 
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20220301/a85cd2ce/attachment.htm>


More information about the systemd-devel mailing list