I’ve set up a number of custom systemd service units that may contain sensitive data in their environment variables. While it’s not possible for non-root users to systemctl cat that service, anybody can see all the data through systemctl show. This is undesired as that data should not be read by other users. The *.service files in /etc/systemd/system are marked only readable by root (mode 600).
I couldn’t find any information about access restrictions for systemd. Is this even possible? Or is all systemd data considered public and world-readable? If there’s no security available, I guess I’ll have to stop using the systemd features and wrap everything in another layer of inaccessible script files.
My current environments are Ubuntu Server 16.04 and 20.04.
Place your desired environment variables in an access-restricted file and load it in your unit with
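An added example, not part of the original answer: a POSIX shell function that audits a unit file for the two cases discussed here, inline Environment= assignments (which systemctl show prints for any user) and environment files that group or others can read. It assumes the unit loads its file through systemd's EnvironmentFile= directive; the function name audit_unit and the output labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# audit_unit UNIT_FILE
#   Prints one finding per line and returns 1 if anything was found.
#   Usage (as root):
#     for u in /etc/systemd/system/*.service; do audit_unit "$u"; done
audit_unit() {
    unit=$1
    rc=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            Environment=*)
                # Inline values are unit properties: `systemctl show` prints
                # them to any user, whatever the unit file's own mode is.
                # Only the first variable name on the line is reported, and
                # the value is never echoed.
                name=${line#Environment=}
                name=${name#\"}
                echo "EXPOSED $unit:$n inline variable ${name%%=*}"
                rc=1 ;;
            EnvironmentFile=*)
                path=${line#EnvironmentFile=}
                path=${path#-}      # a leading "-" means "ignore if missing"
                [ -e "$path" ] || continue
                # Characters 5-10 of the ls -l mode string are the group and
                # other permission bits; all six must be "-".
                perms=$(ls -ld -- "$path" | cut -c5-10)
                if [ "$perms" != "------" ]; then
                    echo "READABLE $unit:$n $path ($perms)"
                    rc=1
                fi ;;
        esac
    done < "$unit"
    return $rc
}
```
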
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.