On 06/01/2024 01:04, Greg Wooledge wrote:
> On Fri, Jan 05, 2024 at 11:37:41PM +0100, Valerio Vanni wrote:
>> This way works, I don't know if it has security flaws.
>> ------------
>> systemd-run --unit=kaffeine-resumed setpriv --reuid "$kafuid" --regid "$kafgid" --init-groups --reset-env \
>> env XDG_RUNTIME_DIR=/run/user/"$kafuid" $kafdis XDG_CURRENT_DESKTOP=KDE \
>> /usr/bin/kaffeine --lastchannel > /dev/null 2>&1
>> ------------
>
> systemd-run(1) appears to have its own --uid and --gid options. If
> you can live without supplementary groups and the variables that are
> set by --reset-env, you can probably drop the setpriv part and just use
> systemd-run's --uid and --gid.
>
> On the other hand, if it ain't broke....

I tried the options when I tried systemd-run, but it didn't work.
I only added them, but now I see that you have to choose: either them or
setpriv.
Now it's:
systemd-run --unit=kaffeine-resumed --uid="$kafuid" --gid="$kafgid" \
env XDG_RUNTIME_DIR=/run/user/"$kafuid" $kafdis XDG_CURRENT_DESKTOP=KDE \
/usr/bin/kaffeine --lastchannel > /dev/null 2>&1
Outcome is the same.
The only difference is that a line is added to syslog about unit creation:
Started kaffeine-resumed.service - /usr/bin/env XDG_RUNTIME_DIR=/run/user/1000 DISPLAY=:0 XDG_CURRENT_DESKTOP=KDE /usr/bin/kaffeine --lastchannel.
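
On the "security flaws" question: in both commands `$kafdis` is expanded unquoted, so the shell word-splits its value before `env` sees it. The sketch below is an added example, not code from this thread; it validates the three variables and passes each as a single argument. The function name `kaffeine_cmd`, the `KAF_DRY_RUN` switch, the refusal of UID 0 and the assumption that `kafdis` holds exactly one `DISPLAY=:N` assignment (as the syslog line suggests) are choices made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes kafdis holds exactly one
# assignment of the form DISPLAY=:N or DISPLAY=:N.S.

# Usage: kaffeine_cmd UID GID DISPLAY_ASSIGNMENT
# Returns 1 without running anything if an argument is malformed.
# With KAF_DRY_RUN=1 (hypothetical switch) the argument vector is printed,
# one argument per line, instead of being executed.
kaffeine_cmd() {
    [ "$#" -eq 3 ] || return 1

    # UID: decimal digits only, no leading zero, so 0 (root) is refused.
    case $1 in ''|*[!0-9]*|0*) return 1 ;; esac
    # GID: decimal digits only.
    case $2 in ''|*[!0-9]*) return 1 ;; esac

    # Display: must start with "DISPLAY=:" and be followed by N or N.S.
    # Whitespace or a second VAR=value fails the character-class test.
    case $3 in DISPLAY=:*) ;; *) return 1 ;; esac
    case ${3#DISPLAY=:} in ''|*[!0-9.]*|.*|*.|*.*.*) return 1 ;; esac

    # Build the argument vector; every expansion is quoted, so each value
    # reaches env as exactly one argument.
    set -- systemd-run --unit=kaffeine-resumed \
        --uid="$1" --gid="$2" \
        env "XDG_RUNTIME_DIR=/run/user/$1" "$3" \
        XDG_CURRENT_DESKTOP=KDE \
        /usr/bin/kaffeine --lastchannel

    if [ "${KAF_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
    else
        "$@" > /dev/null 2>&1
    fi
}
```

In the resume script the call would be `kaffeine_cmd "$kafuid" "$kafgid" "$kafdis"`, with a non-zero return meaning nothing was started.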