[systemd-devel] sudo -u app_user systemctl --user

Thu, 20 Mar 2014 04:44:34 -0700 

Hi,
for a hosting project, I'd like to enable some users to control the user session of an application user. 


Configuring and running the applications under the app user already 
works great.



The straightforward way in my mind would have been to enable sudoing 
from the personal accounts into the app user, allowing to run "systemctl 
--user ..." Sadly, this does not work out, as I've not found a way to 
get sudo to enter the app user's xdg session.



Curiously, using su- this would work. I'm wondering whether I've 
overlooked some configuration bit or whether sudo is just doing things 
differently enough, so that I'll have to use su- instead and create some 
kind of wrapper script for safety.


# su works

personal@testagent:~$ sudo -kn su - app_user -c 'systemctl --user status 
nginx.service'
nginx.service - The nginx HTTP and reverse proxy server
          Loaded: loaded 
(/srv/dasz/home/app_user/.config/systemd/user/nginx.service; enabled)
          Active: failed (Result: exit-code) since Thu, 20 Mar 2014 07:49:54 
+0100; 2h 17min ago
         Process: 17746 ExecStartPre=/usr/sbin/nginx -c 
/srv/dasz/etc/nginx/nginx.conf -t (code=exited, status=1/FAILURE)
          CGroup: name=systemd:/user/app_user/shared/systemd-17741/nginx.service


# sudo doesn't

personal@testagent:~$ sudo -kn -u app_user systemctl --user status nginx.service
Failed to get D-Bus connection: Unable to autolaunch a dbus-daemon without a 
$DISPLAY for X11
personal@testagent:~$


IIUIC, systemctl's behaviour is caused by this difference:

personal@testagent:~$ sudo -kn su - app_user -c env | grep ^XDG
XDG_SESSION_ID=c19
XDG_SESSION_COOKIE=1f9ce2afe379e46cdfedb64153259313-1395305911.233556-949665988
XDG_RUNTIME_DIR=/run/user/app_user
personal@testagent:~$ sudo -knu app_user env | grep ^XDG
personal@testagent:~$



I've also tried replacing sudo's pam config with su's, because the 
former is only creating noninteractive sessions by default, but that 
didn't change the behaviour.


Environment: Debian stable

# dpkg -l login sudo systemd libpam-systemd
||/ Name                                                           Version      
                        Architecture
+++-==============================================================-====================================-============
ii  libpam-systemd:amd64                                           44-11+deb7u4 
                        amd64
ii  login                                                          1:4.1.5.1-1  
                        amd64
ii  sudo                                                           
1.8.5p2-1+nmu1                       amd64
ii  systemd                                                        44-11+deb7u4 
                        amd64
#



I'm aware that this is not the current systemd version, but since I 
believe this is a actually problem on the sudo side, I hope that won't 
make a big difference.




Thanks for any hints you can provide.


Regards, David

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel






















					Reply via email to