I'd like to be able to start a systemd session (e.g. systemd --user) for a given non-root user, and subsequently start a service (e.g. systemctl --user start SERVICE.service), all via a sudo -iu USER session, but without using loginctl enable-linger USER prior to that sudo invocation.
I know that if I were to ssh USER@host, PAM would happily create/start a systemd "session" for me, but I don't want to, and can't, use ssh. I also know that I could use loginctl enable-linger USER, but I don't want to do that either.
However, if the USER is already logged in, I'd like to use the existing session instead of starting a new one. What I want is something like this:
sudo -iu USER # or possibly sudo -su USER
# then in sudo subshell...
# setup pointers to correct DBUS session:
export XDG_RUNTIME_DIR="/run/user/$(id -u)"
export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
# then start a systemd session, if not already running
loginctl show-user $(id -u) || systemd --user
Unfortunately, the systemd --user command errors out with something like:
Failed to create /user.slice/user-NNN.slice/session-NNN.scope/init.scope control group: Permission denied
Failed to allocate manager object: Permission denied
What am I missing? Clearly pam_systemd does what I want when headless/ssh sessions are started. I'm probably missing some fundamental piece of knowledge, so pointers to relevant docs are also desired, though I've already read most of the relevant man pages, I think.
For extra credit -- just like pam_systemd, if a session is not already running, and we have to start one, then that session should automatically be shut down when the sudo session ends.