Right when I feel I started to better understand Possession and Keyrings, I had this:

    > keyctl describe 14242397
    14242397: alsw-v------------------  1002   100 user: keyInUsr
    > keyctl print 14242397
    mySecret-1

How can I read a key when no one has read rights? Is there some caching going on? Some refresh only occurring on certain conditions? Or am I missing something?

Regards
Bruno

On Mon, Dec 10, 2018 at 12:55 PM Mantas Mikulėnas <graw...@gmail.com> wrote:
> On Fri, Dec 7, 2018 at 9:47 PM Dinesh Prasanth Moluguwan Krishnamoorthy <
> dmolu...@redhat.com> wrote:
>
>> Oh damn! Yes. It worked!
>>
>> So, my next question would be "how to avoid it?"
>>
>> To expand a bit more:
>>
>> I want to make these passwords inaccessible outside the systemd service
>> even by that USER. (or does it sound something contradictory?)
>>
>> Regards,
>> Dinesh
>>
>
> It does sound contradictory; it rarely makes sense to isolate the user
> from themselves.
>
> It might be *possible* to set the key's permissions such that only the
> "possessor" has full permissions, but the "uid/gid/other" have none. (e.g.
> keyctl setperm <id> 0x3f000000).
>
> --
> Mantas Mikulėnas
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel

--
Bruno VERNAY
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
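The permission field that `keyctl describe` prints (`alsw-v------------------` above) and the hex mask passed to `keyctl setperm` (`0x3f000000` in Mantas's reply) are the same 32-bit value written two ways: one byte per subject, possessor in the top byte, then uid, gid and other, with view=0x01, read=0x02, write=0x04, search=0x08, link=0x10, setattr=0x20 inside each byte, and `keyctl describe` printing each byte as `alswrv` (setattr, link, search, write, read, view). The Python below is an added example, not code from the thread or from keyutils; it converts between the two forms, parses a `describe` line, and reports which subjects hold a given bit, so a mask can be checked before it is applied. The sample line is constructed to mirror the one in the mail. On the read question itself, decoding shows that no subject holds the `r` bit (`0x3d000000`); the kernel's KEYCTL_READ handler (`keyctl_read_key` in security/keys/keyctl.c) still permits the read when the caller possesses the key, which is why possession alone is enough here.

```python
"""Decode and build Linux kernel key permission masks as used by keyctl.

Added example, not from the systemd-devel thread. Bit layout is the kernel's
(include/linux/key.h): one byte per subject, possessor in the top byte, then
uid, gid, other; within a byte view=0x01 read=0x02 write=0x04 search=0x08
link=0x10 setattr=0x20, so 0x3f is "everything" for one subject.
"""

# `keyctl describe` prints each subject's byte in the order a l s w r v.
PERM_BITS = {"a": 0x20, "l": 0x10, "s": 0x08, "w": 0x04, "r": 0x02, "v": 0x01}
LETTERS = "alswrv"
SUBJECTS = ("possessor", "user", "group", "other")  # high byte to low byte
SHIFTS = (24, 16, 8, 0)


def mask_to_string(mask: int) -> str:
    """Render a setperm mask the way `keyctl describe` does (24 characters)."""
    out = []
    for shift in SHIFTS:
        byte = (mask >> shift) & 0x3F
        out.append("".join(ch if byte & PERM_BITS[ch] else "-" for ch in LETTERS))
    return "".join(out)


def string_to_mask(perms: str) -> int:
    """Parse the 24-character field from `keyctl describe` into a setperm mask."""
    if len(perms) != 24:
        raise ValueError("expected 24 permission characters (4 subjects x 6 bits)")
    mask = 0
    for i, shift in enumerate(SHIFTS):
        field = perms[i * 6:(i + 1) * 6]
        byte = 0
        for pos, (ch, expected) in enumerate(zip(field, LETTERS)):
            if ch == expected:
                byte |= PERM_BITS[ch]
            elif ch != "-":
                raise ValueError(f"bad permission char {ch!r} at position {i * 6 + pos}")
        mask |= byte << shift
    return mask


def who_can(mask: int, perm: str) -> list:
    """Return the subjects whose byte carries `perm` (one of a l s w r v)."""
    bit = PERM_BITS[perm]
    return [name for name, shift in zip(SUBJECTS, SHIFTS) if (mask >> shift) & bit]


def parse_describe(line: str) -> dict:
    """Split a `keyctl describe` line: '<id>: <perms> <uid> <gid> <type>: <desc>'."""
    key_id, rest = line.split(":", 1)
    perms, uid, gid, remainder = rest.split(None, 3)
    ktype, desc = remainder.split(": ", 1)
    return {"id": int(key_id), "perms": perms, "mask": string_to_mask(perms),
            "uid": int(uid), "gid": int(gid), "type": ktype, "description": desc}


if __name__ == "__main__":
    # Constructed sample mirroring the line quoted in the thread.
    sample = "14242397: alsw-v" + "-" * 18 + "  1002   100 user: keyInUsr"
    info = parse_describe(sample)
    print(hex(info["mask"]))            # 0x3d000000: possessor has a,l,s,w,v but not r
    print(who_can(info["mask"], "r"))   # []  no subject holds the read bit
    print(mask_to_string(0x3F000000))   # possessor-only full access, as in the reply
```

Running `who_can(mask, "r")` before a `keyctl setperm` makes the consequence of a mask explicit; for `0x3f000000` it returns only `possessor`, which is the isolation Mantas describes, and for the thread's `0x3d000000` it returns nothing at all.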