On Mon, 11.08.14 19:48, tomw ([email protected]) wrote: > > > This looks weird. You first become user "xyzuser", then you run sudo > > again, to become "xyzuser"? What's that supposed to do? Why involve > > "sudo" here at all? You could also use PAMName= directly...? > > Thanks for your helpful comments. This setup is intended to boot > directly into an application w/o any user interaction and to run the > application w/o root privileges. You're right, either setting User or > using sudo is redundant. Using PAMName would request a password which > isn't suitable in this case.
No. PAMName= has the effect of opening a PAM session, nothing more. It will not go through the password logic of PAM. PAMName= is the right thing to do here, so that the normal PAM session hooks are used. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
