Adding a systemd service as a user
In the attempt to make SUDA as secure as possible, it's best practice not to run any services as the root user.
To be able to do that as a jailed user, we need to create and enable a systemd service as a user (after adding systemd to the jail).
We do that by creating a new file under the desired user's home folder (in this case ~/.config/systemd/user/x11vnc.service) with the following contents:
[Unit]
Description=VNC Server for X11
[Service]
ExecStart=x11vnc -shared -forever -noxdamage -localhost -noxrecord -nopw -many >
Restart=always
[Install]
WantedBy=default.target
Note that the Install part should only have WantedBy=default.target
as other systemd targets don't seem to work in user mode.
After creating the file, issuing
systemctl --user enable x11vnc.service
will set the service to start at boot, and the Restart part will tell it to always restart if it fails for any reason.
Issuing
sudo reboot
will reboot the system and test if the service works.
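A check that can be run on the unit file before enabling it, added here as an example and not part of the original page: it confirms that [Install] names only default.target and that x11vnc is not started with -nopw unless -localhost is also present. The function name check_user_unit and the wording of its findings are assumptions of this example.

```shell
#!/bin/sh
# Lint a systemd *user* unit for the two properties this page relies on.
# Prints one finding per line; returns 0 when the unit is clean, 1 otherwise.
# (Added example; check_user_unit is a hypothetical helper name.)
check_user_unit() {
    unit=$1
    [ -r "$unit" ] || { echo "unreadable: $unit"; return 1; }
    findings=$(awk '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^\[/ {                                      # track the current section
            section = $0
            sub(/[ \t]+$/, "", section)
            next
        }
        section == "[Install]" && /^WantedBy=/ {
            seen_wanted = 1
            n = split(substr($0, 10), targets, " ")  # text after "WantedBy="
            for (i = 1; i <= n; i++)
                if (targets[i] != "default.target")
                    print "WantedBy=" targets[i] " (this page uses default.target only)"
        }
        section == "[Service]" && /^ExecStart=/ {
            seen_exec = 1
            cmd = " " substr($0, 11) " "             # pad so options match as whole words
            # -nopw with no -localhost would leave a password-less VNC
            # listener reachable from other hosts.
            if (index(cmd, " -nopw ") && !index(cmd, " -localhost "))
                print "ExecStart has -nopw without -localhost"
        }
        END {
            if (!seen_exec)   print "no ExecStart= in [Service]"
            if (!seen_wanted) print "no WantedBy= in [Install]"
        }' "$unit")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Called as check_user_unit ~/.config/systemd/user/x11vnc.service, it prints nothing and returns 0 when both properties hold.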