systemd user services shouldn't run as root and other "non-interactive" users #30712
Conversation
It's debatable whether root should be a non-interactive user. For example,
By "non-interactive" I meant "not a human doing general purpose stuff". I'm not sure if having In any case, this PR doesn't change anything about the definition of root; it only disables the 3 mentioned user units for root.
I'd say this should be configurable.
There are even more user services where this change would be useful. For instance, btsync, gpg-agent and pulseaudio. Maybe we should give each user service an extra option to set for which users the service is started. On the other hand we do have For most user services I agree that it doesn't make much sense to run them as root or other non-interactive users. I think this should be the default for all our user services.
@edolstra - do you still have reservations about this PR?
@rvolosatovs you said:
You're saying that we should be able to define per service if it should run for root as well, or a global switch of some kind? Can you share some details on your specific use case?
What I had in mind was having something like By the way, shouldn't all
That makes sense, but is really just the mechanics of it. What would be the use case for running
That's what I would say, although services
Any update on this pull request?
This is safe to merge: the 3 mentioned services should not run as root.
Motivation for this change
Previously, if root logged in to the console while `services.kbfs.enable = true;`, systemd would try to spawn the kbfs and keybase units, which is probably not what we want. Since systemd 234 we have been able to specify that a unit should only run for specific users or, alternatively, "not for system users", which is what this PR does.
As this is a change in existing behaviour, I thought it best to see if anybody would have any issues with this.
Cc: @carlsverre @np @rvolosatovs @bennofs @fpletz @NeQuissimus
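The mechanism the PR description refers to, as an added example rather than the PR's own diff: systemd 234 introduced `ConditionUser=` for `[Unit]`, and the special value `@system` matches root and every other UID in the system range, so `ConditionUser=!@system` makes a user unit a no-op under any system account's user manager. The NixOS module below is illustrative; it assumes the module layout of the time (`systemd.user.services.<name>` with extra `[Unit]` keys under `unitConfig`), and the service name, option name and `ExecStart` path are placeholders, not the real kbfs module.

```nix
# Added example, not code from the nixpkgs PR. Shows how a NixOS user unit
# is kept from starting for root and other system accounts.
{ config, lib, pkgs, ... }:

let
  cfg = config.services.kbfs;   # option name assumed for illustration
in
{
  config = lib.mkIf cfg.enable {
    systemd.user.services.kbfs = {
      description = "Keybase File System";
      wantedBy = [ "default.target" ];

      # systemd >= 234: when the user manager runs for a system account
      # (root or any other UID in the system range), the condition fails
      # and the unit is skipped rather than started or failed.
      unitConfig.ConditionUser = "!@system";

      # ExecStart path is a placeholder; the real module differs.
      serviceConfig.ExecStart = "${pkgs.kbfs}/bin/kbfsfuse";
    };
  };
}

# Rendered into the generated unit this becomes, in [Unit]:
#   ConditionUser=!@system
#
# Allow-list variant for the "per-service list of users" idea raised in the
# thread (assumption: unitConfig accepts a list and emits the key once per
# element). A leading "|" marks each line as a triggering condition, so the
# unit starts if any one of the listed users matches:
#   unitConfig.ConditionUser = [ "|alice" "|bob" ];
```

To check the effect after a rebuild, log in as root and run `systemctl --user show -p ConditionResult kbfs.service`; with the condition in place it reports `ConditionResult=no`, while the same command for a regular user reports `ConditionResult=yes`. Note this is a condition, not an assertion: the unit is silently skipped, so `systemctl --user status` shows it inactive rather than failed.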