Lennart Poettering on Nostr: …to empty out a specific directory of these for a unit. But more importantly: ...
…to empty out a specific directory of these for a unit.
But more importantly: there's a security angle to it. Because the service manager runs privileged it can set up these directories on service activation and chown() them appropriately so that the an unprivileged service can then make use of them.
This works great. But because we wanted life to be exciting we complicated the whole thing: back in v232 we added the DynamicUser=1 concept to service management.
But more importantly: there's a security angle to it. Because the service manager runs privileged it can set up these directories on service activation and chown() them appropriately so that the an unprivileged service can then make use of them.
This works great. But because we wanted life to be exciting we complicated the whole thing: back in v232 we added the DynamicUser=1 concept to service management.