michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-06-05 21:00:22 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
750940e2f5437be5fc246430ee6563efe8719c25
webmin/init/help/systemd_protectsystem.html
Ilia Ross a83db9f57d Add advanced systemd unit and user unit management 
This PR expands the "Bootup and Shutdown" module’s systemd support with creation and management for services, timers, sockets, paths and targets. It also adds user-scoped systemd units, linger controls, status and log actions, tabbed unit listings by type, and contextual help for the new options.

For user-scoped units, the implementation includes several safety guards because unit files live under user-controlled home directories:

- User accounts are validated with system account data before any user-unit operation is attempted.
- User unit names are restricted to known systemd unit suffixes and safe filename characters.
- User unit files are limited to direct children of `~/.config/systemd/user`.
- Symlinked `.config`, `.config/systemd`, and `.config/systemd/user` paths are rejected.
- User unit reads, writes, directory creation, and deletes are performed after dropping privileges to the target Unix user.
- File operations re-check paths close to the actual read/write/delete operation to reduce symlink race exposure.
- User unit create failures roll back half-created files when daemon reload fails.
- User-provided unit names, owners, paths, command output, and logs are HTML-escaped before display.
- systemctl, journalctl, and loginctl command arguments are shell-quoted before execution.
- User services omit `User=` and `Group=` directives because they already run under the selected user’s systemd manager.

Together, all these changes will allow Webmin admin to manage both system and user systemd units while keeping user-controlled home-directory paths from becoming root-level file read/write/delete exploits.

Implemented in response to these two issue requests  https://github.com/webmin/webmin/issues/2733 and https://github.com/webmin/webmin/issues/2734
2026-06-02 20:32:03 +02:00

11 lines
522 B
HTML
Raw Blame History

<header>Protect system</header>
<p>Restricts write access to system directories using
<tt>ProtectSystem=</tt>. Stronger values provide stricter filesystem
protection.</p>
<p><tt>true</tt> makes core system directories such as <tt>/usr</tt> and
<tt>/boot</tt> read-only. <tt>full</tt> also protects <tt>/etc</tt>.
<tt>strict</tt> makes the filesystem broadly read-only except for API
filesystems and paths explicitly made writable.</p>
<p>Use <tt>ReadWritePaths=</tt> for directories the service still needs to
modify.</p>
Reference in New Issue View Git Blame Copy Permalink