... | ... | @@ -143,6 +143,14 @@ $ sudo systemctl force-reload sshd |
|
|
```
|
|
|
If for some reason you need to pass special environment variables to `guardctrl`, you can point the ForceCommand to something like `/etc/guardian/guardctrl-ssh-bridge` which can be a shell script that sets the needed environment and then execs `/usr/bin/guardctrl` (without arguments). Make sure the wrapper script is executable.
|
|
|
|
|
|
NOTE: the password for the guardctrl user ("guardian" in this case) must not be "locked". You can check the status of the account with `passwd -S`:
|
|
|
```
|
|
|
root@h1guardian1:~# passwd -S guardian
|
|
|
guardian NP 09/10/2020 0 99999 7 -1
|
|
|
root@h1guardian1:~#
|
|
|
```
|
|
|
Note that the second field says "NP" for "no password", and does *not* say "L" for "locked".
|
|
|
|
|
|
### local guardian user access
|
|
|
|
|
|
Occasionally it might be necessary to access the guardian user directly, via e.g a terminal. If passwordless SSH access has been enabled as described above, then it won't be possible to access a guardian user terminal via ssh directly, and you'll need to change user from root. However, su and sudo do not provide access to the user dbus session needed to interact with `systemctl --user`. The `systemd-container` package includes the `machinectl` interface whose `shell` command allows for a clean user environment with all dbus interfaces available:
|
... | ... | |