1

I'd like to be able to start a systemd session (e.g. systemd --user) for a given non-root user, and subsequently start a service (e.g. systemctl --user start SERVICE.service), all via a sudo -iu USER session, but without using loginctl enable-linger USER prior to that sudo invocation.

I know that if I were to ssh USER@host, PAM would happily create/start a systemd "session" for me, but I don't want to use ssh, nor can I. I also know that I could use loginctl enable-linger USER, but I don't want to do that either.

However, if the USER is already logged in, I'd like to use the existing session instead of starting a new one. What I want is something like this:

sudo -iu USER     # or possibly sudo -su USER
# then in sudo subshell...

# setup pointers to correct DBUS session:
export XDG_RUNTIME_DIR="/run/user/$(id -u)"
export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"

# then start a systemd session, if not already running
loginctl show-user $(id -u) || systemd --user

Unfortunately, the systemd --user command errors out with something like:

Failed to create /user.slice/user-NNN.slice/session-NNN.scope/init.scope control group: Permission denied
Failed to allocate manager object: Permission denied

What am I missing? Clearly pam_systemd does what I want when headless/ssh sessions are started. I'm probably missing some fundamental piece of knowledge, so pointers to relevant docs are also desired, though I've already read most of the relevant man pages, I think.

For extra credit -- just like pam_systemd, if a session is not already running, and we have to start one, then that session should automatically be shut down when the sudo session ends.

0

1 Answer

1

The answer given here is working for me (on Ubuntu 22.04 LTS):

me@host$ systemd-run --system --scope sudo -iu them  # asks for my password
them@host$ systemctl --user status                   # works
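
Added example, not part of the question or the answer above: a pre-flight check for the runtime directory that the question's snippet exports, confirming it is a real directory owned by the calling user with mode 0700 and that the bus socket exists before `systemctl --user` is pointed at it. The function name `check_user_runtime` and its return codes are assumptions made for this illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original page).
# check_user_runtime [DIR]
#   Validates a candidate XDG_RUNTIME_DIR before any D-Bus address is derived
#   from it. On success prints the two export lines used in the question.
# Return codes (chosen for this example):
#   0 ok, 1 missing or symlink, 2 wrong owner, 3 unsafe mode, 4 no bus socket
check_user_runtime() {
    crt_dir=${1:-/run/user/$(id -u)}

    # Must be a real directory, not a symlink to somewhere else.
    if [ -L "$crt_dir" ] || [ ! -d "$crt_dir" ]; then
        echo "no runtime directory at $crt_dir (no user session?)" >&2
        return 1
    fi

    # Must belong to the user who is about to trust it.
    crt_owner=$(stat -c %u "$crt_dir") || return 1
    if [ "$crt_owner" != "$(id -u)" ]; then
        echo "$crt_dir is owned by uid $crt_owner, not $(id -u)" >&2
        return 2
    fi

    # The per-user runtime directory is created with mode 0700; anything
    # looser means other users could plant a socket in it.
    crt_mode=$(stat -c %a "$crt_dir") || return 1
    if [ "$crt_mode" != "700" ]; then
        echo "$crt_dir has mode $crt_mode, expected 700" >&2
        return 3
    fi

    # The user bus socket only exists while the user manager is running.
    if [ ! -S "$crt_dir/bus" ]; then
        echo "no bus socket in $crt_dir (user manager not running)" >&2
        return 4
    fi

    printf 'export XDG_RUNTIME_DIR=%s\n' "$crt_dir"
    printf 'export DBUS_SESSION_BUS_ADDRESS=unix:path=%s/bus\n' "$crt_dir"
}

# Usage inside the sudo shell:
#   eval "$(check_user_runtime)" && systemctl --user status
```
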
