mirrors/systemd
0
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-12-14 04:33:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

logind: allow any user to request lingering

Browse Source 
We enable lingering for anyone who wants this. It is still disabled by
default to avoid keeping long-running processes accidentally.
Admins might want to customize this policy on multi-user sites.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2016-04-12 22:52:28 -04:00
parent 921f831d3e
commit 152199f2d7
3 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
NEWS
View File

@ -40,8 +40,9 @@ CHANGES WITH 230 in spe:
After the user logs out of all sessions, user@.service will be After the user logs out of all sessions, user@.service will be
terminated too, by default, unless the user has "lingering" enabled. terminated too, by default, unless the user has "lingering" enabled.
To effectively allow users to run long-term tasks even if they are To effectively allow users to run long-term tasks even if they are
logged out, lingering must be enabled for them. See loginctl(1) logged out, lingering must be enabled for them. See loginctl(1) for
for details. details. The default polkit policy was modified to allow users to
set lingering for themselves without authentication.
Previous defaults can be restored at compile time by the Previous defaults can be restored at compile time by the
--without-kill-user-processes option. --without-kill-user-processes option.

8
src/login/logind-dbus.c
View File

@ -1077,11 +1077,11 @@ static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus
static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) { static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_free_ char *cc = NULL; _cleanup_free_ char *cc = NULL;
Manager *m = userdata; Manager *m = userdata;
int b, r; int r, b, interactive;
struct passwd *pw; struct passwd *pw;
const char *path; const char *path;
uint32_t uid; uint32_t uid;
int interactive; bool self = false;
assert(message); assert(message);
assert(m); assert(m);
@ -1102,6 +1102,8 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
if (r < 0) if (r < 0)
return r; return r;
self = true;
} else if (!uid_is_valid(uid)) } else if (!uid_is_valid(uid))
return -EINVAL; return -EINVAL;
@ -1113,7 +1115,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
r = bus_verify_polkit_async( r = bus_verify_polkit_async(
message, message,
CAP_SYS_ADMIN, CAP_SYS_ADMIN,
"org.freedesktop.login1.set-user-linger", self ? "org.freedesktop.login1.set-self-linger" : "org.freedesktop.login1.set-user-linger",
NULL, NULL,
interactive, interactive,
UID_INVALID, UID_INVALID,

8
src/login/org.freedesktop.login1.policy.in
View File

@ -111,6 +111,14 @@
</defaults> </defaults>
</action> </action>
<action id="org.freedesktop.login1.set-self-linger">
<_description>Allow non-logged-in user to run programs</_description>
<_message>Explicit request is required to run programs as a non-logged-in user.</_message>
<defaults>
<allow_any>yes</allow_any>
</defaults>
</action>
<action id="org.freedesktop.login1.set-user-linger"> <action id="org.freedesktop.login1.set-user-linger">
<_description>Allow non-logged-in users to run programs</_description> <_description>Allow non-logged-in users to run programs</_description>
<_message>Authentication is required to run programs as a non-logged-in user.</_message> <_message>Authentication is required to run programs as a non-logged-in user.</_message>