[systemd-devel] Why do passive target units have to exist?
Hi folks, I am reading systemd documents, and I find passive target units a little bit confusing. Take "network.target" for example: "systemd-networkd.service" specifies "Wants=network.target" and "Before=network.target". That effectively makes starting "systemd-networkd.service" brings up both "systemd-networkd.service" and "network.target", and make sure that "network.target" is active after "systemd-networkd.service" being active. It also implies that the shutdown order is correct: "network.target" will be stopped before "systemd-networkd.service". Everything is fine. What if we use an active target unit to achieve all this? Can we specify a "WantedBy=network.target" in "systemd-network.target"? So that we can enable "systemd-network.service" (which makes a symbolic link in the "network.target.wants" directory) and start "network.target" to pull in "systemd-networkd.service". That also makes sure "network.target" is active after "systemd-networkd.service" because of the target unit default dependencies. And shutdown order will be correct too. The only difference I can tell is the units to start. With a passive "network.target", we start "systemd-networkd.service". With an active "network.target", we start "network.target". Is there any benefits of passive target units over active target units? John ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] How to give users permissions to /dev/kfd
On Sat, 14 Oct 2017 at 17:50:33 +0300, Mantas Mikulėnas wrote: > No, it's only available for local sessions (ones which systemd-logind > considers > "local" + "active"). I think the idea is that console users automatically get > more privileges in general. Specifically, the idea is that console users should have access to devices that are the machine representation of things they can physically access anyway. The classic example is audio. If Alice is sitting at a desktop/laptop computer and Bob is ssh'd in to the same computer, it's fine for Alice to be able to record the same audio that she can hear already; but it is usually not OK for Bob to be able to record audio because that would let him spy on Alice. Similarly, logind defaults to allowing local active users to shut down the machine (because they are likely to be in a position to pull the plug or remove the battery anyway), but not remote users (to prevent them from causing denial-of-service for local users or other remote users). > For SSH-only usage, use traditional groups (e.g. add yourself to the "video" > group). To assign group ownership to /dev/kfd, use GROUP="foo" in udev rules. And, yes, the way to bypass the "only local users" bit is to add your uid to an appropriate group, which is a way of saying: this user has special privileges, and can access something (in your case video) even when not physically present. smcv ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel