Hello,

I was pondering a user service that would ask for a password via the password agent infrastructure (as there is systemd-gnome-ask-password-agent, it could be quite integrated with the desktop environment) as an alternative to saving it in the (Gnome) keyring.

A naïve experiment with

> [Service]
> ExecStart=/usr/bin/systemd-ask-password "What is your pwd?"

led to

> May 13 19:49:56 host systemd-ask-password[28844]: Failed to query password: Permission denied

Then I read about the password agent API [1] and realized that the poor agent cannot create the notification file in the watched directory. I also noticed the auxiliary agent is not spawned for user services [2].

I'm not that familiar with policy-kit, however, IIUC, it is possible to ask the unprivileged systemd-gnome-ask-password-agent to provide a password for a system service. Is that correct? What would then prohibit making /run/systemd/ask-password world writable to allow unprivileged users to ask for a password?

(I understand the interface is so crude so that it works at early boot stages w/out DBus. For the user requests it would perhaps make sense to have a parallel DBus API.)

Or is there an alternative approach to interactively query passwords for user services (e.g. an already existing user service that could be queried via DBus)?

Thanks,
Michal

[1] https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/
[2] https://github.com/systemd/systemd/blob/a45ef5070d5875d70e39fc430e82eb26c221ded5/src/systemctl/systemctl.c#L238