systemd: create locked dbus user if possible

Since there is no need to log in as the dbus user, fully lock the account. The same is done with system users in systemd itself. The feature is available since systemd 257. Use if possible, otherwise stay with minimum version requirement 209. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2026-06-14 17:38:22 +02:00 · 2026-01-05 20:39:38 +01:00 · 2026-01-05 20:39:38 +01:00 · 5124febd8b
commit 5124febd8b
parent 4f5796a37d
2 changed files with 6 additions and 1 deletions
--- a/bus/sysusers.d/dbus.conf.in
+++ b/bus/sysusers.d/dbus.conf.in
@ -2,4 +2,4 @@
 # at boot on systemd-based systems that ship with an unpopulated
 # /etc. See sysusers.d(5) for details.

-u @DBUS_USER@ - "System Message Bus"
+u@DBUS_USER_LOCK@ @DBUS_USER@ - "System Message Bus"
--- a/meson.build
+++ b/meson.build
@ -549,6 +549,11 @@ if use_systemd
            : '/usr/lib/systemd/user'
        )
    endif
+
+    # Version 257 and above support locked system accounts; use if available.
+    if systemd.version().version_compare('>=257')
+        data_config.set('DBUS_USER_LOCK', '!')
+    endif
 else
    systemctl = ''
 endif