On Wed, Jan 11 2017, Daniel Kahn Gillmor wrote:
>> I do not want to auto-start these services for the root user. I also want to
>> disable auto-start completely in servers I'm logging into. I think both are
>> pretty common scenarios and deserve special mention, as systemctl --user
>> disable won't work some might expect.
>
> fwiw, nothing is auto-started at all -- the systemd user session opens
> the sockets, but doesn't launch any daemons if the sockets are never
> used.
>
> Put in more systemd-ish terms: it's the .socket units which are
> automatically enabled, not the .service units.
>
> does that change what you want to happen?

Listening is still not a good idea in these cases. For instance, any command that probes the agent will start it as a result. This might be especially annoying for ssh, as there is still the choice between the gpg agent, ssh-agent, and nothing at all. I also don't think that these services make any sense for root (or more generally, any system user). Is there a way to restrict the unit? I'm also not entirely sure on the best way to disable the socket. Should you mask it?