NoNewPrivileges setting
This article has last been updated at .
The property NoNewPrivileges is a systemd unit setting used for sandboxing. It is available since systemd 187.
Purpose: prevent processes from gaining new privileges
New to securing and tuning systemd services? Start with the how to harden a systemd service unit article to learn tuning step-by-step, including the usage of relevant tools.
Why and when to use NoNewPrivileges
The systemd unit setting NoNewPrivileges prevents processes and its children of obtaining new privileges. Normally this is possible via execve(2), a syscall that executes a program and when filesystem capabilities provide new privileges. Another option is obtaining this via setgid and setuid bits on files.
Configuration options of NoNewPrivileges
When this unit setting is set to ‘yes’, the process and child processes will be denied the possibility to get additional privileges.
Generic advice
Most services can be configured with NoNewPrivileges=yes.
Values
Systemd unit setting NoNewPrivileges expects a boolean (yes/no or true/false).
| Value | Intended action | Available since systemd version |
|---|---|---|
| no | processes may obtain new privileges - default | |
| yes | processes are restricted and can't gain new privileges |
Example to show the current value of NoNewPrivileges for the ssh service:
systemctl show --property=NoNewPrivileges ssh.serviceRelated hardening profiles
The systemd unit setting NoNewPrivileges is used in the following systemd hardening profiles. These hardening profiles help improving security of common Linux services and usually require minimal tuning.
