I have set up a NanoPI M4B with ubuntu 24.04 server with kodi (6:20.2+git20230630.0528-5f418d0b13-0 for completeness, though likely not relevant to the question). The device is intended to be a music-only media player with a small touch screen panel and a JSON-RPC remote control I plan to implement. Everything is working very nicely.
I would like to set up the boot so that when running the systemd graphic.target kodi is started at boot so that I don’t need to attach a keyboard to the device. AFAIUI I can do this by setting a systemd service to start kodi for that target essentially as described here with modification. I’m wondering though if there is a way to drop privileges on starting kodi, not really wanting to run kodi as root, even if the device is not doing anything else, and is not exposed to the internet. setuidgid seems not to work, with kodi complaining that it cannot start the GUI if I downgrade to the kodi user from root (or if this is done via other similar mechanisms).
Is there a conventional way to achieve something like this?