On Mon, 12.05.14 12:03, Umut Tezduyar Lindskog (u...@tezduyar.com) wrote: > Hi, > > How do we set the user:group of a socket created by .socket file? > > We have thought User= and Group= should do the job but that doesn't > seem to be the case. Is this a missing feature or should we just set
This is a missing feature. And it is on the TODO list. It's not easy to fix though. To chmod() sockets properly we need to resolve the user/group names via NSS first. However, we cannot do NSS from PID1, since this might deadlock, since NSS frequently involves talking/activating local services. To properly handle this we hence need to do the chowning in a temporary child process. Which is a non-trivial amount of code... I have always been too lazy to implement this for now, however, we will soonishly have to add this, since for the kbdus policy we are in a similar situation (since the per-busname policy we upload also is bound to UID/GIDs we need to resolve), and if we fix it there, we can immediately open this up for .sockets too. > the permissions by ExecStartPost= on .socket file? Yes, this is the recommended work-around for now. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
