On Fri, Dec 7, 2018 at 9:47 PM Dinesh Prasanth Moluguwan Krishnamoorthy < [email protected]> wrote:
> Oh damn! Yes. It worked! > > So, my next question would be "how to avoid it?" > > To expand a bit more: > > I want to make these passwords inaccessible outside the systemd service > even by that USER. (or does it sound something contradictory?) > > Regards, > Dinesh > It does sound contradictory; it rarely makes sense to isolate the user from themselves. It might be *possible* to set the key's permissions such that only the "possessor" has full permissions, but the "uid/gid/other" have none. (e.g. keyctl setperm <id> 0x3f000000). -- Mantas Mikulėnas
_______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
