Best Practices with homectl ↔ passwd/groups/shadow ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Is it wise to use only `homectl` to manage human users without reciprocal entries in /etc/passwd, /etc/group, or /etc/shadow?

$ systemd-analyze security wireplumber --user
| NAME                  | Description    | Exposure    |
| ----------------------| -------------- | ----------- |
| ❌ User=/DynamicUser= | Service runs.. | 0.4         |

→ Overall exposure level for wireplumber.service...

$ systemctl edit wireplumber.service --user
### Editing /home/me/.config/systemd/user/wireplumber.service.d/override.conf
### Anything between here and the comment below will become the contents of the...

[Service]
User=%u
Group=%g

### Edits below this comment will be discarded
...

$ systemctl daemon-reload --user
$ systemctl restart wireplumber.service --user
$ journalctl -r --unit=wireplumber --user
systemd[851]: Failed to start Multimedia Service Session Manager.
systemd[851]: wireplumber.service: Failed with result 'exit-code'.
systemd[851]: wireplumber.service: Start request repeated too quickly.
systemd[851]: wireplumber.service: Scheduled restart job, restart counter is at 5.
systemd[851]: wireplumber.service: Failed with result 'exit-code'.
systemd[851]: wireplumber.service: Main process exited, code=exited, status=216/GROUP
(eplumber)[11087]: wireplumber.service: Failed at step GROUP spawning /usr/bin/wireplumber: Operation not permitted
(eplumber)[11087]: wireplumber.service: Failed to determine supplementary groups: Operation not permitted
systemd[851]: Started Multimedia Service Session Manager.


homectl should already know of this user's supplementary groups, unless homectl is searching for them in `/etc/groups` instead?

--D



[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux