On Sun, Aug 27, 2023 at 07:35:53PM +0200, Cecil Westerhof wrote:
> On Sun 27 Aug 2023 at 18:30, Leon Fauster <leonfauster@xxxxxxxxxxxxxx> wrote:
>
> > On 26.08.23 at 18:41, Cecil Westerhof wrote:
> > > Replying on google does not work as I am used to. It sends to the
> > > sender instead of the group. 😱
> > >
> > > On Sat 26 Aug 2023 at 18:36, Cecil Westerhof
> > > <cldwesterhof@xxxxxxxxx> wrote:
> > >
> > > > On Sat 26 Aug 2023 at 14:46, Michael Biebl <mbiebl@xxxxxxxxx> wrote:
> > > >
> > > > > On Sat, 26 Aug 2023 at 09:44, Cecil Westerhof
> > > > > <cldwesterhof@xxxxxxxxx> wrote:
> > > > > >
> > > > > > I am at last implementing systemd timers. The service I
> > > > > > created can have its status queried by a normal user. I thought
> > > > > > I must have made a mistake. But when I do:
> > > > > >     systemctl status cron
> > > > > >
> > > > > > I get:
> > > > > > ● cron.service - Regular background program processing daemon
> > > > > >      Loaded: loaded (/lib/systemd/system/cron.service; enabled; preset: enabled)
> > > > > >      Active: active (running) since Sat 2023-08-19 18:12:04 CEST; 6 days ago
> > > > > >        Docs: man:cron(8)
> > > > > >    Main PID: 790 (cron)
> > > > > >       Tasks: 1 (limit: 17837)
> > > > > >      Memory: 91.0M
> > > > > >         CPU: 14min 3.110s
> > > > > >      CGroup: /system.slice/cron.service
> > > > > >              └─790 /usr/sbin/cron -f
> > > > > >
> > > > > > Warning: some journal files were not opened due to insufficient permissions.
> > > > > >
> > > > > > Is this the expected behaviour?
> > > > > > If not: what could be wrong with my system?
> > > > > >
> > > > > > This is on Debian 11.
> > > > >
> > > > > Reading system logs is a privileged operation.
> > > > >
> > > > > You can grant this privilege to individual users by adding them
> > > > > to the systemd-journal (or adm) group.
> > > > >
> > > > > Adding users to the adm will grant them additional privileges,
> > > > > so be careful.
> > > >
> > > > The user is in the lpadmin group, but not in systemd-journal, or adm
> > > > and still can ask the status.
> > > > Another reply indicates that this is normal.
> >
> > Well, you can look at the process list anytime as normal user. So, what
> > are you trying to accomplish? What's the goal? Hiding the process from
> > the users?
>
> I was surprised that I could see it. And as I understand it, I am certainly
> not the only one. One reply on my question was even that it is a privileged
> operation and should not be possible without a group added to the user
> which was not added to the user.
> I agree that you can find out everything with ps, but that is a lot more
> work.
> I was just surprised that it was possible —and again I am far from the only
> one—, I just wanted to check it out and now I know it is expected behaviour.
> Better to ask a 'dumb' question than staying ignorant I think.

Also access to other users' stuff in /proc can be disabled by a mount
option (hidepid=2).
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
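
The hidepid mount option mentioned in the reply above, as an added example that is not part of the original thread: a shell check that reads lines in /proc/mounts format and reports the hidepid level of every procfs mount, accepting both the numeric values and the named spellings that newer kernels print. The function names, mount points and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit procfs mounts for the hidepid option.
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# hidepid_level OPTIONS
# Print the numeric hidepid level (0, 1, 2 or 4) found in a comma-separated
# option string; 0 when the option is absent (the kernel default).
hidepid_level() {
    level=0
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            hidepid=0|hidepid=off)        level=0 ;;
            hidepid=1|hidepid=noaccess)   level=1 ;;
            hidepid=2|hidepid=invisible)  level=2 ;;
            hidepid=4|hidepid=ptraceable) level=4 ;;
        esac
    done
    IFS=$old_ifs
    echo "$level"
}

# audit_proc_mounts
# Read mounts-format lines on stdin and print "<mountpoint> <level>"
# for every mount whose filesystem type is proc.
audit_proc_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = proc ] || continue
        echo "$mnt $(hidepid_level "$opts")"
    done
}

# Constructed sample input (not taken from the thread).
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/jail/proc proc rw,relatime,hidepid=2 0 0
proc /srv/new/proc proc rw,relatime,hidepid=invisible,gid=27 0 0
tmpfs /run tmpfs rw,nosuid,nodev,size=1024k 0 0
EOF
}

sample_mounts | audit_proc_mounts
# On a live system: audit_proc_mounts < /proc/mounts
```

A level of 0 on /proc corresponds to the behaviour discussed in the thread, where any user can read other users' entries under /proc.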