On 25.03.2014 15:10, Mantas Mikulėnas wrote:
 >> What behavior do you want?
 >
 >
 > The requirement I initially asked about, is this: given the proper sudoers entry allow user alice to run
 >
 >   $ sudo -u bob systemctl --user reload nginx.service
 >
 > and have it work. My analysis ended at the point that even when using pam_systemd, sudo does not provide the proper XDG_SESSION* environment variables to the executed command.

The only important variable here is XDG_RUNTIME_DIR, as systemctl looks
there for the user instance's private socket. I think in later versions
it *is* exported by pam_systemd – that your example has the username and
not the UID in this variable shows that it's a quite old systemd version.

The other two variables identify the login session – XDG_SESSION_ID is
set by pam_systemd to the logind session ID (for scripts and
informational purposes mostly), and XDG_SESSION_COOKIE comes from
ConsoleKit (which actually depends on the variable).

I am not sure why the latter two are set at all in your case – 'su'
probably should not create a new login session, it should remain in the
previous one. On the other hand, there were a few threads about just how
much 'su' and 'sudo' are meant to change... It also depends on whether
su/sudo are invoked *from* within an existing session (they should
always be).

Thank you for your clarification. Iff the XDG_RUNTIME_DIR is the only required thing, I can probably force that to the correct value via an sudo env_file.

I'll test.


Regards, David
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
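The env_file approach proposed above, sketched as an added example that is not part of the original thread: it derives the UID-based XDG_RUNTIME_DIR for the target user, checks the directory before trusting it, and prints an env_file line with runas-scoped sudoers entries. alice, bob and nginx.service come from the thread; the helper names, the /etc/sudoers.env path and the /usr/bin/systemctl path are assumptions.

```shell
#!/bin/sh
# Added example. Helper names and file paths are assumptions, not from the thread.

# Print /run/user/<UID> for a login name (the UID-based layout mentioned above).
runtime_dir_for() {
    uid=$(id -u "$1" 2>/dev/null) || return 1
    printf '/run/user/%s\n' "$uid"
}

# Check a runtime directory before pointing systemctl at it (uses GNU stat).
# Run as root or the owner: the directory is 0700, so others cannot see the socket.
#   2 = not a real directory   3 = wrong owner
#   4 = mode is not 0700       5 = no private socket (user instance not running)
check_runtime_dir() {
    dir=$1; want_uid=$2
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then return 2; fi
    [ "$(stat -c %u "$dir")" = "$want_uid" ] || return 3
    [ "$(stat -c %a "$dir")" = "700" ] || return 4
    [ -S "$dir/systemd/private" ] || return 5
    return 0
}

# Emit the env_file content and the sudoers lines that reference it.
# "Defaults>target" limits the env_file to commands run as the target user,
# so the value is fixed by policy and not supplied by the caller.
emit_sudo_config() {
    caller=$1; target=$2; envfile=$3
    dir=$(runtime_dir_for "$target") || return 1
    printf '# contents of %s\n' "$envfile"
    printf 'XDG_RUNTIME_DIR=%s\n' "$dir"
    printf '# sudoers entries (edit with visudo)\n'
    printf 'Defaults>%s env_file=%s\n' "$target" "$envfile"
    printf '%s ALL=(%s) /usr/bin/systemctl --user reload nginx.service\n' \
        "$caller" "$target"
}

# Usage: sh xdg-sudo.sh alice bob
if [ "$#" -eq 2 ]; then
    d=$(runtime_dir_for "$2") || { echo "unknown user: $2" >&2; exit 1; }
    check_runtime_dir "$d" "$(id -u "$2")" ||
        echo "warning: $d failed check (code $?)" >&2
    emit_sudo_config "$1" "$2" "/etc/sudoers.env/$2"
fi
```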
