summaryrefslogtreecommitdiff
path: root/HACKING
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-07-14 12:37:28 +0200
committerLennart Poettering <lennart@poettering.net>2016-07-22 15:53:45 +0200
commit29206d4619843252c2e04f20dc03c246547600a2 (patch)
treea30c2f5b2e90f016c5ed46452ac27264f2afae1c /HACKING
parent66dccd8d85aac9f029c626aac8d2b7e58d239b47 (diff)
core: add a concept of "dynamic" user ids, that are allocated as long as a service is running
This adds a new boolean setting DynamicUser= to service files. If set, a new user will be allocated dynamically when the unit is started, and released when it is stopped. The user ID is allocated from the range 61184..65519. The user will not be added to /etc/passwd (but an NSS module to be added later should make it show up in getent passwd). For now, care should be taken that the service writes no files to disk, since this might result in files owned by UIDs that might get assigned dynamically to a different service later on. Later patches will tighten sandboxing in order to ensure that this cannot happen, except for a few selected directories. A simple way to test this is: systemd-run -p DynamicUser=1 /bin/sleep 99999
Diffstat (limited to 'HACKING')
0 files changed, 0 insertions, 0 deletions