diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-07-14 12:37:28 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-07-22 15:53:45 +0200 |
commit | 29206d4619843252c2e04f20dc03c246547600a2 (patch) | |
tree | a30c2f5b2e90f016c5ed46452ac27264f2afae1c /HACKING | |
parent | 66dccd8d85aac9f029c626aac8d2b7e58d239b47 (diff) |
core: add a concept of "dynamic" user ids, that are allocated as long as a service is running
This adds a new boolean setting DynamicUser= to service files. If set, a new
user will be allocated dynamically when the unit is started, and released when
it is stopped. The user ID is allocated from the range 61184..65519. The user
will not be added to /etc/passwd (but an NSS module to be added later should
make it show up in getent passwd).
For now, care should be taken that the service writes no files to disk, since
this might result in files owned by UIDs that might get assigned dynamically to
a different service later on. Later patches will tighten sandboxing in order to
ensure that this cannot happen, except for a few selected directories.
A simple way to test this is:
systemd-run -p DynamicUser=1 /bin/sleep 99999
Diffstat (limited to 'HACKING')
0 files changed, 0 insertions, 0 deletions