undefined | Better HN

0 pointsteddyh3y ago0 comments

Systemd needs the common parent directory of the home directory of all users on the system, in order to protect all user home directories from services. There is no “the” user.

0 comments

kps3y ago

I did misplace the apostrophe. There is no guaranteed common parent directory of all users other than `/`.

teddyhOP3y ago

Systemd wants to provide an option of limiting services from writing, and optionally also from reading, in the home directories of all users. However, there is no reasonable algorithm to discover a single common parent directory which would not also risk encompassing other directories which should not be restricted, so the hardcoded /home is used by the ProtectHome option. If you have home directories somewhere else, but want the same protection by systemd, you will have to use the InaccessiblePaths or ReadOnlyPaths option for all individual system services which you want to restrict in this manner.

j / k navigate · click thread line to collapse

0 comments

kps3y ago

I did misplace the apostrophe. There is no guaranteed common parent directory of all users other than `/`.

teddyhOP3y ago

j / k navigate · click thread line to collapse