mirror of
https://github.com/webmin/webmin.git
synced 2026-06-05 21:00:22 +01:00
This PR expands the "Bootup and Shutdown" module’s systemd support with creation and management for services, timers, sockets, paths and targets. It also adds user-scoped systemd units, linger controls, status and log actions, tabbed unit listings by type, and contextual help for the new options.

For user-scoped units, the implementation includes several safety guards because unit files live under user-controlled home directories:

- User accounts are validated with system account data before any user-unit operation is attempted.
- User unit names are restricted to known systemd unit suffixes and safe filename characters.
- User unit files are limited to direct children of `~/.config/systemd/user`.
- Symlinked `.config`, `.config/systemd`, and `.config/systemd/user` paths are rejected.
- User unit reads, writes, directory creation, and deletes are performed after dropping privileges to the target Unix user.
- File operations re-check paths close to the actual read/write/delete operation to reduce symlink race exposure.
- User unit create failures roll back half-created files when daemon reload fails.
- User-provided unit names, owners, paths, command output, and logs are HTML-escaped before display.
- systemctl, journalctl, and loginctl command arguments are shell-quoted before execution.
- User services omit `User=` and `Group=` directives because they already run under the selected user’s systemd manager.

Together, all these changes will allow Webmin admin to manage both system and user systemd units while keeping user-controlled home-directory paths from becoming root-level file read/write/delete exploits.

Implemented in response to these two issue requests https://github.com/webmin/webmin/issues/2733 and https://github.com/webmin/webmin/issues/2734
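The name and symlink guards listed in the description can be sketched as follows. This is an added example, not Webmin's code (Webmin is written in Perl) and not part of the PR. The function names and the character allow-list are assumptions, the privilege drop to the target user is left out, and it opens each path component relative to its parent's descriptor with `O_NOFOLLOW` instead of re-checking paths as the description says the PR does.

```python
import os
import re
import stat

# Assumed allow-list: the five unit types the description names, plus a
# conservative character set (the exact set Webmin accepts is not shown).
UNIT_NAME = re.compile(
    r"[A-Za-z0-9:_@-][A-Za-z0-9:_.@-]*\.(service|timer|socket|path|target)")
USER_UNIT_PARTS = (".config", "systemd", "user")

def valid_unit_name(name):
    """True only for a bare file name with a known unit suffix."""
    return UNIT_NAME.fullmatch(name) is not None

def open_user_unit_dir(home):
    """Descend home/.config/systemd/user; fail if any component is a symlink."""
    fd = os.open(home, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for part in USER_UNIT_PARTS:
            # Opening relative to the parent fd leaves no check-to-use gap.
            nxt = os.open(part, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=fd)
            os.close(fd)
            fd = nxt
    except OSError:
        os.close(fd)
        raise
    return fd

def read_user_unit(home, name):
    """Return the text of a direct child of the user unit directory."""
    if not valid_unit_name(name):
        raise ValueError("rejected unit name: %r" % name)
    dfd = open_user_unit_dir(home)
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                     dir_fd=dfd)
        with os.fdopen(fd) as fh:
            if not stat.S_ISREG(os.fstat(fd).st_mode):
                raise ValueError("not a regular file: %r" % name)
            return fh.read()
    finally:
        os.close(dfd)

if __name__ == "__main__":
    import tempfile
    home = tempfile.mkdtemp()  # constructed stand-in for a user's home
    os.makedirs(os.path.join(home, *USER_UNIT_PARTS))
    with open(os.path.join(home, *USER_UNIT_PARTS, "myjob.timer"), "w") as f:
        f.write("[Timer]\nOnCalendar=daily\n")
    print(read_user_unit(home, "myjob.timer"))
```
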
18 lines
1.1 KiB
HTML
<header>Type-specific settings</header>
<p>Directives for the selected non-service unit type. Enter directives only,
without the section header; the correct section will be written, such as
<tt>[Timer]</tt>, <tt>[Socket]</tt>, <tt>[Path]</tt>, or <tt>[Target]</tt>.</p>
<p>For a timer, examples include <tt>OnCalendar=daily</tt>,
<tt>Persistent=true</tt>, and <tt>Unit=myjob.service</tt>. If <tt>Unit=</tt>
is omitted, systemd activates the service with the same base name, such as
<tt>myjob.service</tt> for <tt>myjob.timer</tt>.</p>
<p>For a socket, examples include <tt>ListenStream=8080</tt>,
<tt>ListenStream=/run/myapp.sock</tt>, <tt>Accept=false</tt>, and
<tt>Service=myapp.service</tt>. If <tt>Service=</tt> is omitted, systemd uses
the service with the same base name.</p>
<p>For a path unit, examples include <tt>PathChanged=/srv/myapp</tt>,
<tt>PathExists=/var/run/myapp.ready</tt>, and <tt>Unit=myjob.service</tt>.</p>
<p>For a target unit, this field can usually be left empty. Dependencies such
as <tt>Wants=</tt>, <tt>Requires=</tt>, <tt>Before=</tt>, and <tt>After=</tt>
are normally set in the common advanced options.</p>