Re: DynamicUser in instantiated (and socket-activated) units

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Di, 21.01.20 16:02, Leonid Isaev (leonid.isaev@xxxxxxxx) wrote:

> On Tue, Jan 21, 2020 at 03:53:10PM +0000, Leonid Isaev wrote:
> > 	I am trying to sandbox processes that run via instantiated units and
> > the DynamicUser feature seems like a nice solution. However, when I start
> > several such units simultaneously, the dynamic UID, while random, is the same
> > for all instances (see below). Is this expected behavior and is there any way
> > to make UID different for each instance?
>
> Sorry, forgot to mention, it is systemd 244 on Arch Linux.

if you speciy the same user name its going to have the same uid.

use something like this:

…
[Service]
…
User=foo-%i
DynamicUser=1
…

That way you have a separate user for each instance, and the user is
called "foo-" suffixed with the instance ID. And each UID is
dynamically assigned.

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux