systemd (Was Re: tmpfs for strategic directories)

Lennart Poettering mzerqung at
Tue Jun 1 00:02:48 UTC 2010

On Wed, 26.05.10 19:54, Nicolas Mailhot (nicolas.mailhot at wrote:

> Le mercredi 26 mai 2010 à 19:39 +0200, Alexander Boström a écrit :
> > ons 2010-05-26 klockan 10:01 +0100 skrev James Findley:
> > 
> > > It's really not at all uncommon for me to need to modify an init script. 
> > >   There would be much rage if in order to do this I had to download the 
> > > SRPM, extract the init code, figure out what I needed to change, modify 
> > > it, recompile then install.
> > 
> > Various ways to deal with that:
> > 
> > 1. Change the Exec=/usr/libexec/food to
> > ExecStart=/usr/local/sbin/foodwrapper
> Won't work since one of the main things current scripts do is run some
> code as root, and some other code as the target user.

We already cover for that. You can set "PermissionsStartOnly=yes" in the
.service file. Then, only the program specified in ExecStart= will be
started with reduced permissions (i.e. with dropped priviliges, reduced
caps, yadda yadda), and everything in ExecStartPre= and friends will run
as normal root user.


Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net           GnuPG 0x1A015CC4

More information about the devel mailing list