[systemd-devel] Normal user can ask status of services
Cecil Westerhof
cldwesterhof at gmail.com
Sat Aug 26 16:40:10 UTC 2023
Replying on google does not work as I am used to. It sends to the sender
instead of the group. 😱
Op za 26 aug 2023 om 18:31 schreef Cecil Westerhof <cldwesterhof at gmail.com>:
>
> Op za 26 aug 2023 om 17:35 schreef Dave Howorth <systemd at howorth.org.uk>:
>
>> On Sat, 26 Aug 2023 16:17:46 +0300
>> Andrei Borzenkov <arvidjaar at gmail.com> wrote:
>> > On 26.08.2023 15:46, Michael Biebl wrote:
>> > >
>> > > Reading system logs is a privileged operation.
>> >
>> > It is not about reading logs but about being able to "systemctl
>> > status some-system-unit"
>> >
>> > > You can grant this privilege to individual users by adding them to
>> > > the systemd-journal (or adm) group.
>> >
>> > The question was how to prevent normal users from seeing system unit
>> > status.
>>
>> TBF, it wasn't really clear (to me at least) what the question was
>> about. Either what you surmised, or what Michael surmised or maybe
>> about which Debian releases have cron installed by default? I certainly
>> couldn't work it out.
>>
>
> I was not surprised that cron was installed. (I want to migrate cron to
> systemd timers.) I was surprised that I could ask the status of cron as a
> normal user. That seemed strange to me, I expected that only root would be
> able to do that.
> But I use systemd, but certainly am no expert. But willing to learn more.
>
> --
> Cecil Westerhof
>
--
Cecil Westerhof
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20230826/6387c784/attachment-0001.htm>
More information about the systemd-devel
mailing list