2018-08-13 12:52 GMT+02:00 Michael Chapman <mike at very.puzzling.org>:
> On Mon, 13 Aug 2018, Cecil Westerhof wrote:
> > 2018-08-13 11:51 GMT+02:00 Michael Chapman <mike at very.puzzling.org>:
> >
> > > On Mon, 13 Aug 2018, Cecil Westerhof wrote:
> > > > I have a service that is run as a different user as root. But only
> root
> > > can
> > > > restart the service. Is there a way to make 'systemctl restart' work
> for
> > > > the user that runs the service?
> > >
> > > You could simply add some Sudo rules allowing the user to perform that
> > > command.
> > >
> > > Alternatively, you can write a polkit rule to describe the permissions.
> > > For example, the following would give permission for a particular
> > > user to restart a particular service:
> > >
> > > polkit.addRule(function(action, subject) {
> > > if (action.id == "org.freedesktop.systemd1.manage-units" &&
> > > action.lookup("unit") == "example.service" &&
> > > action.lookup("verb") == "restart" &&
> > > subject.user == "username") {
> > > return polkit.Result.YES;
> > > }
> > > });
> > >
> > > See the AUTHORIZATION RULES section of the polkit(8) manpage for
> further
> > > details.
> > >
> >
> > I tried to put this in:
> > /etc/polkit-1/rules.d/10-auth.rules
> >
> > When reading:
> > https://www.freedesktop.org/software/polkit/docs/latest/
> polkit.8.html
> > AUTHORIZATION RULES
> >
> > It should work immediately after writing the file, but it does not.
> > Is there something else I should do?
> >
> > I am using Debian 9.
>
> It should work immediately. polkitd will log that it is reloading the
> rules. I suggest you check the log... maybe there's some syntax error or
> other problem with your rule file.
>
I already checked the log, but when changing the file, nothing is logged. I
remember that some things have a different location in Debian. So probably
I should ask this on a Debian group.
--
Cecil Westerhof
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20180813/bab80ace/attachment-0001.html>
Restarting a service as user instead as root
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Restarting a service as user instead as root
- From: cldwesterhof@xxxxxxxxx (Cecil Westerhof)
- Date: Mon, 13 Aug 2018 12:58:44 +0200
- In-reply-to: <alpine.LFD.2.21.1808132051150.28428@beren.home>
- References: <CAG-LmmD-3CzeBMXaHskbp2Sbeq+=O=OYz8he7oDVVgVFJdWDkA@mail.gmail.com> <alpine.LFD.2.21.1808131947570.28428@beren.home> <CAG-LmmDGbkZKbnTTLmE_SvNC6-R7twCknpr+Juqt_VxFQwYa1A@mail.gmail.com> <alpine.LFD.2.21.1808132051150.28428@beren.home>
- References:
- Restarting a service as user instead as root
- From: Cecil Westerhof
- Restarting a service as user instead as root
- From: Michael Chapman
- Restarting a service as user instead as root
- From: Cecil Westerhof
- Restarting a service as user instead as root
- From: Michael Chapman
- Restarting a service as user instead as root
- Prev by Date: Restarting a service as user instead as root
- Next by Date: Restarting a service as user instead as root
- Previous by thread: Restarting a service as user instead as root
- Next by thread: Restarting a service as user instead as root
- Index(es):
 |