Hello, I am writing systemd service for one software and I found out very nice thing that you don't have to create users just for the service and it can be done via DynamicUser in runtime. However, the software has configuration file in /etc/foo where sensitive credentials are stored so the /etc/foo is owned by root:root and /etc/foo/config is owned same way and has 640 permissions. If I use DynamicUser, it can't read /etc/foo/config due to permissions. I have tried to set ConfigurationDirectory=foo, but that does not change permissions on those files... After all I found SupplementaryGroups=root fixes the problem, but I think this destroys whole purpose of DynamicUser. Am I doing something wrong? Any suggestions how to deal with this? -- -Igor Gnatenko _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
DynamicUser and root:root/0640 configuration in /etc
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: DynamicUser and root:root/0640 configuration in /etc
- From: Igor Gnatenko <i.gnatenko.brain@xxxxxxxxx>
- Date: Fri, 31 Jan 2020 13:35:26 +0100
- Follow-Ups:
- Re: DynamicUser and root:root/0640 configuration in /etc
- From: Lennart Poettering
- Re: DynamicUser and root:root/0640 configuration in /etc
- Prev by Date: Re: Dynamic .timer scheduling
- Next by Date: How does systemd (pid1) connect to system DBus?
- Previous by thread: The meaning of CanMultiSession=no on non-seat0
- Next by thread: Re: DynamicUser and root:root/0640 configuration in /etc
- Index(es):
 |