systemd (Was Re: tmpfs for strategic directories)
Lennart Poettering
mzerqung at 0pointer.de
Tue Jun 1 00:02:48 UTC 2010
On Wed, 26.05.10 19:54, Nicolas Mailhot (nicolas.mailhot at laposte.net) wrote:
>
> Le mercredi 26 mai 2010 à 19:39 +0200, Alexander Boström a écrit :
> > ons 2010-05-26 klockan 10:01 +0100 skrev James Findley:
> >
> > > It's really not at all uncommon for me to need to modify an init script.
> > > There would be much rage if in order to do this I had to download the
> > > SRPM, extract the init code, figure out what I needed to change, modify
> > > it, recompile then install.
> >
> > Various ways to deal with that:
> >
> > 1. Change the Exec=/usr/libexec/food to
> > ExecStart=/usr/local/sbin/foodwrapper
>
> Won't work since one of the main things current scripts do is run some
> code as root, and some other code as the target user.
We already cover for that. You can set "PermissionsStartOnly=yes" in the
.service file. Then, only the program specified in ExecStart= will be
started with reduced permissions (i.e. with dropped priviliges, reduced
caps, yadda yadda), and everything in ExecStartPre= and friends will run
as normal root user.
Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/ GnuPG 0x1A015CC4
More information about the devel
mailing list