Hello! First of all, I love systemd. It's a great tool to use and it's been a pleasure to work with.

Anyway, I was writing up a socket-activated systemd service for a public read-only rsync server. When the rsync daemon serves a share, it chroots into the share's directory by default. Of course, the chroot requires rsync to run as root. On the other hand, systemd provides its own capability to chroot rsync, which would allow me to run rsync as non-root. I could also use ReadOnlyDirectories to provide further assurance that no nonsense could occur from the daemon.

So my question, simply, is this: Should I prefer running a process as root knowing that it chroots itself, or should I run it as non-root and chroot it via systemd?

While I'm at it, one thing I'd like to do is construct a whitelist like this:

    InaccessibleDirectories=/
    ReadOnlyDirectories=<stuff I'm serving>

Is this possible?

Honest disclaimer: Due to the relatively benign nature of this scenario and the ubiquity of rsync, my assumption is that I'm generally safe with either option. I also acknowledge that chroot() is not a panacea; I would run this service using systemd-nspawn if I wanted to maximize security at the cost of simplicity. In other words, I apologize that this question is a bit academic. :)

Thanks in advance,
-- Aaron

--
Aaron Faanes <dafr...@gmail.com>

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
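One concrete form of the non-root variant discussed above, added here as an example and not the poster's own configuration: systemd confines the filesystem and runs rsync unprivileged, so rsync's own chroot is switched off in rsyncd.conf. It assumes a systemd new enough for ProtectSystem=strict and DynamicUser= (v232 or later; ReadOnlyDirectories=/InaccessibleDirectories= are still accepted as the older spellings of ReadOnlyPaths=/InaccessiblePaths=), and the share paths /srv/rsync and /srv/private are placeholders.

```ini
# /etc/systemd/system/rsyncd.socket (constructed example)
[Unit]
Description=rsync daemon socket, one service instance per connection

[Socket]
ListenStream=873
# Accept=yes spawns rsyncd@.service per connection, inetd style
Accept=yes

[Install]
WantedBy=sockets.target

# /etc/systemd/system/rsyncd@.service (constructed example)
[Unit]
Description=rsync daemon connection %i

[Service]
ExecStart=/usr/bin/rsync --daemon --config=/etc/rsyncd.conf
# rsync detects a socket on stdin and runs in inetd mode
StandardInput=socket
StandardOutput=socket
StandardError=journal
# Transient unprivileged user: no root, hence no chroot(2)
DynamicUser=yes
NoNewPrivileges=yes
# Entire tree read-only; only the share and the hidden path are listed
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# Placeholder paths; older units spell these ReadOnlyDirectories=/InaccessibleDirectories=
ReadOnlyPaths=/srv/rsync
InaccessiblePaths=/srv/private

# /etc/rsyncd.conf (constructed example)
# chroot needs CAP_SYS_CHROOT, which the unprivileged user lacks;
# rsync then relies on its own path sanitisation instead
use chroot = no
read only = yes
list = yes

[pub]
    path = /srv/rsync/pub
    comment = public read-only mirror
```

Comments must sit on their own lines in both file types; a trailing `# ...` on a directive line would be parsed as part of the value.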