[systemd-devel] Normal user can ask status of services
Andrei Borzenkov
arvidjaar at gmail.com
Sat Aug 26 13:15:47 UTC 2023
Do not send personal reply to the list post.
On 26.08.2023 15:35, Cecil Westerhof wrote:
> Op za 26 aug 2023 om 13:45 schreef Andrei Borzenkov <arvidjaar at gmail.com>:
>
>> On 26.08.2023 10:44, Cecil Westerhof wrote:
>>>
>>> Is this the expected behaviour?
>>
>> Yes, it is.
>>
>
> It seemed strange to me, but I will not worry then.
> Thanks.
>
> At the moment it is not important, but if I do not want that a normal user
> can query the status: can I circumvent this?
>
I am not sure. systemctl just calls
org.freedesktop.DBus.Properties.GetAll on unit D-Bus path. I am not
aware of any way to restrict it in systemd. You may restrict it on the
D-Bus level. Currently it is open to all
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.DBus.Properties"
send_member="GetAll"/>
I do not know if it is possible to put restrictions only on some paths.
More information about the systemd-devel
mailing list