[systemd-devel] Normal user can ask status of services
Cecil Westerhof
cldwesterhof at gmail.com
Sat Aug 26 16:37:51 UTC 2023
Op za 26 aug 2023 om 15:16 schreef Andrei Borzenkov <arvidjaar at gmail.com>:
> Do not send personal reply to the list post.
>
> On 26.08.2023 15:35, Cecil Westerhof wrote:
> > Op za 26 aug 2023 om 13:45 schreef Andrei Borzenkov <arvidjaar at gmail.com
> >:
> >
> >> On 26.08.2023 10:44, Cecil Westerhof wrote:
> >>>
> >>> Is this the expected behaviour?
> >>
> >> Yes, it is.
> >>
> >
> > It seemed strange to me, but I will not worry then.
> > Thanks.
> >
> > At the moment it is not important, but if I do not want that a normal
> user
> > can query the status: can I circumvent this?
> >
>
> I am not sure. systemctl just calls
> org.freedesktop.DBus.Properties.GetAll on unit D-Bus path. I am not
> aware of any way to restrict it in systemd. You may restrict it on the
> D-Bus level. Currently it is open to all
>
> <allow send_destination="org.freedesktop.systemd1"
> send_interface="org.freedesktop.DBus.Properties"
> send_member="GetAll"/>
>
> I do not know if it is possible to put restrictions only on some paths.
>
Thanks, I will look into it.
--
Cecil Westerhof
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20230826/af205585/attachment.htm>
More information about the systemd-devel
mailing list