michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-06-24 13:00:30 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
162a103c455ebfe3609fe0e2847574ace20db1c8
webmin/systemd/help/systemd_protectsystem.html
Ilia Ross d94000afbd Add Systemd Services and Units module 
This PR adds a standalone Systemd Services and Units module for managing systemd units across system and user scopes.

The module keeps systemd-specific behavior separate from the legacy Bootup and Shutdown module and is implemented as standalone `strict`/`warnings` Perl code rather than depending on its existing init helpers. Those helpers intentionally smooth over multiple init systems, while this module keeps systemd-specific file handling, user-manager behavior, ACL checks, and control operations explicit, scoped, and easier to audit.

It includes:

- Tabbed views for services, timers, sockets, paths, targets, storage, resources, devices, and user units
- Guided creation and editing for common unit types, with contextual fields, validation, and help
- User-scoped unit management with linger support and safe handling of home-directory unit files
- Runtime actions for start, stop, restart, enable, disable, status, logs, properties, dependencies, and system-unit mask/unmask
- Drop-in override inventory plus create, edit, and delete flows
- Manual unit-file editing with daemon reload reminders and actions
- Configurable module behavior, visible tabs, display options, and post-create navigation
- Comprehensive ACL controls for system/user scopes, actions, manual edits, drop-ins, linger, reload, backup, and user filters
- Safe Webmin user support through a scoped safe ACL preset
- Virtualmin integration for granting domain owners access to their own systemd user units
- Tests for unit generation, safety checks, ACL behavior, user-unit handling, backup coverage, and Perl::Critic compatibility

A companion Virtualmin PR adds template integration so domain owners can be granted scoped access to their own systemd user units when this module is installed.
2026-06-12 20:55:28 +02:00

11 lines
528 B
HTML
Raw Blame History

<header>Protect system files</header>
<p>Restricts write access to system directories using
<tt>ProtectSystem=</tt>. Stronger values provide stricter filesystem
protection.</p>
<p><tt>true</tt> makes core system directories such as <tt>/usr</tt> and
<tt>/boot</tt> read-only. <tt>full</tt> also protects <tt>/etc</tt>.
<tt>strict</tt> makes the filesystem broadly read-only except for API
filesystems and paths explicitly made writable.</p>
<p>Use <tt>ReadWritePaths=</tt> for directories the service still needs to
modify.</p>
Reference in New Issue View Git Blame Copy Permalink