Hello,
For my thesis I must create a vulnerable VM, and using NixOS could be very useful to manage the whole infrastructure. However, it’s too secure for some stuff.
At the moment I’m trying to set up a WordPress that you could use to get the reverse shell; the problem is that the reverse shell gives you only a nologin user that has only very limited actions and does have access to a real shell as a regular user.
Is it possible to change the user running a service? I’m running WordPress like this:
services.wordpress.sites."localhost" = {
  settings = {
    ALLOW_UNFILTERED_UPLOADS = true;
  };
};
systemd.services.<servicename>.serviceConfig.User (see NixOS Search)
Thanks! I don’t see any mention of User, though:
Name: systemd.services.<name>.serviceConfig
Description: Each attribute in this set specifies an option in the [Service] section of the unit. See systemd.service(5) for details.
You have to read the systemd manpages to know what’s available.
Oh ok, thank you this helps
Actually this doesn’t work.
It seems to create a new service and it doesn’t find that wordpress is already a service. I can’t find wordpress in the systemctl list. I thus have this error:
○ wordpress.service
Loaded: bad-setting (Reason: Unit wordpress.service has a bad unit file setting.)
Active: inactive (dead)
Dec 13 11:40:25 nixos systemd[1]: wordpress.service: Service has no ExecStart=, ExecStop=, or SuccessAction=. Refusing.
Because your systemd service is probably not actually called “wordpress”.
Remember, you’re trying to extend the systemd service, not the services.wordpress; those are two different things.
I don’t know which service you need to extend to achieve what you want, but you can use systemctl list-units to get a list of all running services, or try to figure out the name of the service from the module’s code: nixpkgs/nixos/modules/services/web-apps/wordpress.nix at a0f3e10d94359665dba45b71b4227b0aeb851f8e · NixOS/nixpkgs · GitHub
The linked line shows e.g. that the service for PHP would be called something like this: phpfpm-wordpress-some-site.com.service. From this you can either use that name directly to extend the systemd service, or you can try to extract the required part from your wordpress config so that it will continue working when something in the module code changes.
For the beginning, hardcoding the service name will work fine.
I see, thank you for your help
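
The last answer's suggestion of deriving the unit name from the wordpress config, written out as an added example (not code from the thread or from nixpkgs). It assumes the naming described above, one php-fpm unit per site called phpfpm-wordpress-<site>.service; the account name labuser is a hypothetical placeholder.

```nix
# Added example. Assumes the unit naming quoted in the thread:
# "phpfpm-wordpress-<site>.service", one unit per configured site.
{ config, lib, ... }:
{
  services.wordpress.sites."localhost" = {
    settings = {
      ALLOW_UNFILTERED_UPLOADS = true;
    };
  };

  # Build one override per site from the wordpress config itself, so the
  # unit names keep matching when sites are added or renamed.
  # Writing systemd.services.wordpress instead defines a brand-new unit
  # with no ExecStart=, which is the "bad-setting" error shown above.
  systemd.services = lib.mapAttrs' (hostName: _site:
    lib.nameValuePair "phpfpm-wordpress-${hostName}" {
      # Merged into the [Service] section of the existing unit.
      # "labuser" is a hypothetical account that must be declared elsewhere.
      # If the module already sets the same key, wrap the value in lib.mkForce.
      serviceConfig.User = "labuser";
    }
  ) config.services.wordpress.sites;
}
```

After rebuilding, systemctl cat phpfpm-wordpress-localhost.service shows whether the setting ended up in the existing unit rather than in a new, empty one.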