When you hate something so much you have to find weird corner cases to support your views. Even then the way described isn’t how someone who knows that they are doing would do.
The best way for an unprivileged user to manage a service is for that user to run it. That way you inherit the correct permissions / acls / selinux contexts.
The command to do so is:
systemctl --user start the_service.service
What if multiple users have to manage that service?
Edit: nvrmnd, pretty sure the runnit solution won’t allow this either, your answer is correct. What about while the service is already running? Wouldn’t your solution require a restart?
If the service is already running it has to be stopped as a system service and run as a user service. In order to ensure that the service inherits all the correct permissions / acls / se linux policies the service needs to be launched from the limited permissions context.
With the systemd approach you’re not just passing a control handle around. You’re ensuring the process is running under an appropriate security context.
If you want to let multiple users manage the user systems service, I would probably go with sudo and systemd user files. You could create a group which has sudo access etc. The important idea is that an unprivileged user controls an unprivileged service.
With the systemd approach
What about this makes it “the systemd approach”? runit supports user services too. These are just two different tasks that are needed in different contexts. Sometimes what you need is to “pass a control handle around” to a privileged service. And sometimes you need to actually make a service unprivileged.
pretty sure the runnit solution won’t allow this either
I’m no expert, but I think you could make a special group, set the
supervisedirectory to be owned by that group, and add all relevant users to that group? Either way, as I explained in a different reply, running the service as a user vs letting that user control a root service are completely different things, and one is not always a substitute for the other.A generic stack overflow answer:
Do you REALLY need multiple users to manage that service? Maybe it’s better to have multiple instances of that service and… (This goes on and on)
have to find weird corner cases
Lol. Lmao even. I needed to do this because I wanted to learn the miryoku keyboard layout , and I wanted a way to quickly switch between Miryoku and standard QWERTY. The best way to do this that I could come up with was to bind a special key on my keyboard to toggle kmonad on and off. So I wrote a service for kmonad and gave my user permission to manage it. Running kmonad as my user wouldn’t work, because kmonad needs root to create a virtual input device.
Luckily, I am running Void, so the solution was a single well-documented command. Out of curiosity I decided to take a look at what this would look like on systemd distros, leading to this meme. Honestly, I had to do a double take by the time the guy started talking about Javascript.
I feel kind of useless typing this out because you’re just gonna ignore it anyway. In my post, I am talking about needing to do X. Your response is “why are you doing X, you should do Y”. Why am I not surprised that you’re a systemd user? Do you also use Gnome by any chance?
Hey. There is no reason to feel useless. Everyone has value. And the best part about Linux is that we all can make our own choices. If people hate systemd they don’t have to use it. That’s ok. Void linux I think is actually a pretty cool distro. It reminds me of the BSDs for some reason.
I use systemd because I like how it works and I think it’s well designed. As for desktops I am a huge fan of sway. Gnome isn’t bad on a laptop or tablet though. What do you use?
I’m on bspwm right now, but I’ve been thinking of switching to wayland (in particular, hyprland). I’ve got nothing against gnome BTW. I have a friend with one of those laptops that turns into a tablet by flipping the keyboard to the back, and he also says Gnome is the only DE that “just works” for touchscreen, even though he uses KDE on his main laptop and desktop.
How are things on wayland by the way? From what I understand, it has partial support for running X11 apps, right? Do you use any X11 apps, or were you able to find wayland-native counterparts for everything?
[void] reminds me of the BSDs for some reason
I’ve heard this comparison a lot, though I don’t know what it means, since I’ve never used BSD haha. Maybe I should give BSD a try sometime.
And the best part about Linux is that we all can make our own choices
Amen to that!
and I wanted a way to quickly switch between Miryoku and standard QWERTY. The best way to do this that I could come up with was to bind a special key on my keyboard to toggle kmonad on and off.
You couldn’t think of to use layers?
Well that would require learning the kmonad config syntax, and I was just looking for a quick solution… but yeah, adding a QWERTY layer is a better solution in the long term, I’ll probably do that some time
he’s trying to run the service as a user without run sudo, good luck trying that with runit
Maybe its a root shell?
he don’t want to log as root, so a root shell isn’t what he want
Haters gonna hate
How is chown-R someuser different from systemctl—user?
one is giving the permission to manage the system service to a specific user, the other is running the service as the current user so they have permission to manage it by default
Big news (from 2017): debian held back software features because someone doesn’t like the new way of doing things. Let’s blame systemd for this unprecedented case.
What’s wrong with giving access to the specific sudo command, as suggested in the other answers?
I’m gonna fuck up my desktop now breaking away from systemd
Yeah, I would switch off, but it just doesn’t seem worth the effort for something I rarely interact with.
If it’s providing you the functionality you want using an overhead you’re fine with, there’s no reason to change it.
Is it r-unit, or run-it?
I’ve read it as r-unit for so long and now I’ve only just realised that run-it makes far more sense
Someone is asking the important questions
lol I’ve been pronouncing nginx as “enn-jinx” for so long before I learned that it was “engine-ex”.
And how do you do this in gnu shepherd?
You don’t!
I’m out of the loop. The answer that references “one person’s personal opinion” is from 2017, and the context it links to is from 2016. Surely things have changed since then, right?
… Right?
(I’m genuinely asking, I’ve got no idea)
Edit: I just checked on Linux Mint 21.3. It’s still on the same version as back then, 0.105. Well, Debian is nothing if not sable!
Bookworm looks to be on version 122, so as downstream distros update to newer Debian versions, it should be updated now
Mint 21.3 is based on Debian Bookworm (via Ubuntu 22.04, not counting LMDE of course). I don’t know what you’re looking at and I also don’t fully know how this works, but what you said doesn’t seem to be the case.
Ubuntu 22.04 is long before Bookworm
It looks like Ubuntu pulled in Bookworm’s version in 23.10
If Mint is sticking to LTS Ubuntu versions, it will get it whenever it rebases on top of Ubuntu 24.04
Edit: Debian (Bookworm) polkitd version 122: https://packages.debian.org/bookworm/polkitd
Ubuntu 22.04 polkitd version 105: https://packages.ubuntu.com/jammy/polkitd
Ubuntu 24.04 pre-release polkitd version 124: https://packages.ubuntu.com/noble/polkitd
Very well, you seem to definitely know this stuff better than me! I based my comment on this answer and getting this myself on Mint 21.3:
$ cat /etc/debian_version bookworm/sidBut reading a bit closer, I think this is the key part:
That’s how, for example, Ubuntu 20.04, released in April 2020, can be based on Debian 11 “Bullseye”, which was released in August 2021.
So Ubuntu probably pulled Bookworm before it was released, and before it upgraded policykit. But it’s still to some extent based on Bookworm. Does that sound right?
Yeah, Ubuntu pulls in the development version of Debian
“Sid” is the unstable name for Debian - where packages are being tested for the next release
Debian Bookworm was released 2023
Ubuntu LTS and Debian have tended to release on a two year cadence offset by a year
- Debian Stretch (2017)
- Ubuntu 18.04 (2018)
- Debian Buster (2019)
- Ubuntu 20.04 (2020)
- Debian Bullseye (2021)
- Ubuntu 22.04 (2022)
- Debian Bookworm (2023)
- Ubuntu 24.04 (2024)
DJB is a genius
Guys I only used SystemD and I didn’t know you could use anything else lol stop hating I never had any problems!
Does resolve.d let me use DHCP address with a manually set DNS server yet?
Runit, making systems easily pwnable since 2004 🎉
- Step 1: Make a system service run as root
- Step 2: Give service a runlevel that starts it at boot
- Step 3: Make the file modifiable by a normal user
- Step 4: ???
- Step 5: pwned
Wow much philosopy. Is great. Incredible chievement. Very pressive!
Gonna be honest, never heard of running before this. Briefly considered switching before OPs presentation in the comments turned me off. I don’t want to associate with his/ her mind of weirdo, they aren’t fun.
What on earth did I do to offend you this much?
Were you not being serious when you were calling people systemd-bots?
I was being serious, but I’m not calling everyone who uses sytemd a bot. It has its merits, I use it on my homeserver (NixOS). When I say “systemd bot” I mean “people who blindly dismiss valid criticism of systemd”. Same as when some people say “russian bot” they mean “troll who is paid to advocate for the actions of russian government”, and not “everyone from russia is a bot”.
Fair enough. Can’t say I know enough to really decide what is or isn’t valid criticism.
Thanks for posting your original comment btw, now that I read over my own comments I do realise that it comes across as very hostile and a little silly, regardless of intention.
No, thank you for being so reasonable.
systemd is for the weak. red hat and lennart are just shit.
I don’t support calling people who volunteer their time to develop free software “just shit”, but I can’t help but agree at least a little bit about redhat. Redhat is kind of like Richard Nixon: if you just assume that eveything you dislike is their fault, you would be right surprisingly often.
- “Predictable” interface naming
- avahi
- dbus
That being said, they did also contribute to a lot of kickass software, from btrfs to Firefox to linux namespaces to qemu to pipewire, as well as to software that you can’t really live without like glibc or gdb. So I guess the converse also holds: if you just assume that everything you like is there thanks to redhat, you would be correct pretty often as well. Can’t really say that about Nixon though.
hitler built the autobahn. enough to not call him shit? doubt that.
what lennart and red hat have done is just terrible.
