[systemd-devel] Learning Help: modeling system-user services with `run0`
Divine Eguzouwa
divine.eguzouwa at gmail.com
Tue Sep 10 14:47:41 UTC 2024
Assuming: run0 (and all of systemd for that matter) security works by
sandboxing a service's "cgroup-namespace environment" (i.e., through
User=/Group=, and/or NoNewPrivilages=, and/or etc.) and directly executing
the given command therin...
I have a chain of services that executes a process belonging to
User=/Group=one, that will read from a specific directory belonging to
User=/Group=two, subsequently resulting in running a /bin executable that
belongs to User=/Group=ANY
Please walk me through how to model run0 --user to accomplish this in an
"environment" *without authentication*? So far I keep bumping into "Failed
to start transient service unit: Interactive authentication required."
errors which leads me to believe that my earlier assumption is incorrect
-D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20240910/15f4dac4/attachment.htm>
More information about the systemd-devel
mailing list