[systemd-devel] DynamicUser and udev uaccess

Luca Boccassi luca.boccassi at gmail.com
Fri Jul 19 08:13:10 UTC 2024


Set up a system group named appropriately, use it for group ownership
of those device nodes, and then use SupplementaryGroups=foo in your
unit

On Fri, 19 Jul 2024 at 08:25, Renjaya Raga Zenta <ragazenta at gmail.com> wrote:
>
> Is there another way to allow DynamicUser to access the USB scanner instead of setting MODE="666"? Or can the DynamicUser be marked as a logged-in user?
>
> Thanks.
>
> On Fri, Jul 19, 2024 at 11:03 AM Andrei Borzenkov <arvidjaar at gmail.com> wrote:
>>
>> On 19.07.2024 05:01, Renjaya Raga Zenta wrote:
>> > Hi there,
>> >
>> > We have a service using DynamicUser=yes which interacts with some USB
>> > scanners. It seems TAG+="uaccess" is already set by 70-uaccess.rules as we
>> > use libsane. But unfortunately, the service cannot access the scanner
>> > unless we set MODE="666" manually in another udev rule.
>> >
>> > Is it the expected behavior?
>>
>> Yes. `uaccess` gives access to the logged in user and your service runs
>> under a different user.


More information about the systemd-devel mailing list