Re: [systemd-devel] systemd - how to run system service by user target

[Andrei Borzenkov]

20.10.2016 15:00, Lennart Poettering пишет:
> On Thu, 20.10.16 05:23, Kamil Jońca (kjo...@o2.pl) wrote:
> 
>> Lennart Poettering  writes:
>>
>>> On Wed, 19.10.16 12:46, Kamil Jońca (kjo...@o2.pl) wrote:
>>>

 Assume we have openvpn.service.
 This service neccessary only when I want to connect to my work from
 home.

 Is it possible to make user target which will be automatically run this
 service?
>>>
>>> Whenever a user logs in it will get a per-user slice unit
>>> started. When the user logs out, the slice unit is removed. You could
>>
>> Unfortunately we cannot say about user login/logout - I have my laptop
>> and it is only hibernated or sleeping. 
>> I thought rather about:
>>
>> --8<---cut here---start->8---
>> systemctl --user start work-at-home.target
>> --8<---cut here---end--->8---
>> which runs vpn, mounts network discs etc.
>> Is it possible?
> 
> Well, this would require a privilege elevation. You can configure that
> by invoking "systemctl start --system" on the right system units, and
> then telling PK via its policy language that your user shall be
> allowed to do that. But I am not PK policy pro, you'd have to check
> the policy language to figure out how best to do this.
> 

To figure out how to best to do this we need to know what information
systemd provides with polkit request (i.e. which details are available
to make decision upon). I could not find documentation that describes
it. Without details this is all or nothing.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd - how to run system service by user target

[Lennart Poettering]

On Thu, 20.10.16 05:23, Kamil Jońca (kjo...@o2.pl) wrote:

> Lennart Poettering  writes:
> 
> > On Wed, 19.10.16 12:46, Kamil Jońca (kjo...@o2.pl) wrote:
> >
> >> 
> >> Assume we have openvpn.service.
> >> This service neccessary only when I want to connect to my work from
> >> home.
> >> 
> >> Is it possible to make user target which will be automatically run this
> >> service?
> >
> > Whenever a user logs in it will get a per-user slice unit
> > started. When the user logs out, the slice unit is removed. You could
> 
> Unfortunately we cannot say about user login/logout - I have my laptop
> and it is only hibernated or sleeping. 
> I thought rather about:
> 
> --8<---cut here---start->8---
> systemctl --user start work-at-home.target
> --8<---cut here---end--->8---
> which runs vpn, mounts network discs etc.
> Is it possible?

Well, this would require a privilege elevation. You can configure that
by invoking "systemctl start --system" on the right system units, and
then telling PK via its policy language that your user shall be
allowed to do that. But I am not PK policy pro, you'd have to check
the policy language to figure out how best to do this.

Lennart

-- 
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd - how to run system service by user target

[Kamil Jońca]

Lennart Poettering  writes:

[...]
>
> Well, this would require a privilege elevation. You can configure that
> by invoking "systemctl start --system" on the right system units, and
> then telling PK via its policy language that your user shall be
> allowed to do that. But I am not PK policy pro, you'd have to check
> the policy language to figure out how best to do this.

Well, simpler would be do system target, and run systemctl via sudo :)
Thanks.
KJ
-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
The church is near but the road is icy; the bar is far away but I will
walk carefully.
-- Russian Proverb
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd - how to run system service by user target

[Lennart Poettering]

On Wed, 19.10.16 12:46, Kamil Jońca (kjo...@o2.pl) wrote:

> 
> Assume we have openvpn.service.
> This service neccessary only when I want to connect to my work from
> home.
> 
> Is it possible to make user target which will be automatically run this
> service?

Whenever a user logs in it will get a per-user slice unit
started. When the user logs out, the slice unit is removed. You could
make sure that your service is pulled in by this slice when the slice
is started (and hence at login) and stopped whenever the slice is
stopped (i.e. at last logout). There's no particularly nice scheme for
that in place, but if you have well-established UIDs, it would be as
easy as dropping in a symlink
/etc/systemd/system/user-1000.slice.wants/
pointing to your main service file. Then, inside that file, add
dependencies back to the slice, i.e. something like
BindsTo=user-1000.slice

I hope you get the idea of what I am suggesting here...

Lennart

-- 
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] systemd - how to run system service by user target

[Kamil Jońca]

Assume we have openvpn.service.
This service neccessary only when I want to connect to my work from
home.

Is it possible to make user target which will be automatically run this
service?
KJ
-- 
http://wolnelektury.pl/wesprzyj/teraz/
Alas, I am dying beyond my means.
-- Oscar Wilde [as he sipped champagne on his deathbed]
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel