[kortschak]

I have set up a NanoPI M4B with ubuntu 24.04 server with kodi (6:20.2+git20230630.0528-5f418d0b13-0 for completeness, though likely not relevant to the question). The device is intended to be a music-only media player with a small touch screen panel and a JSON-RPC remote control I plan to implement. Everything is working very nicely.

I would like to set up the boot so that when running the systemd graphic.target kodi is started at boot so that I don't need to attach a keyboard to the device. AFAIUI I can do this by setting a systemd service to start kodi for that target essentially as described here with modification. I'm wondering though if there is a way to drop privileges on starting kodi, not really wanting to run kodi as root, even if the device is not doing anything else, and is not exposed to the internet. setuidgid seems not to work, with kodi complaining that it cannot start the GUI if I downgrade to the kodi user from root (or if this is done via other similar mechanisms).

Is there a conventional way to achieve something like this?

[kortschak]

Turns out this is as easy as it should be expected to be. I simply added a systemd service wanted by multi-user.target with the user set to me low privilege user. Everything works as I would want.

service file:
[Unit]

Description=Kodi

Requires=network-online.target

After=network-online.target



[Service]

Restart=always

RestartSec=2s

User=kodi

ExecStart=/usr/bin/kodi

ExecStop=/usr/bin/pkill -9 kodi.bin



[Install]

WantedBy=multi-user.target

[fritsch]

Make sure you are in the right groups to e.g. audio, video, render - maybe plugdev so that hw acceleration, modesetting and audio works properly. Those groups depend on what you are actually using for the said matters.

[kortschak]

Thanks, yes, I just noticed. I was so excited that I had the GUI working correctly that I didn't test the audio, which was not. Added the user to audio and render (was already in video), and now we are all good.