On Tue, 2021-11-30 at 14:11 +0100, Mohamed Ali Fodha wrote:
> Thanks, but I think using setuid has a security risk for attackers,
> so I understand there is not so much granularity to manage
> unprivileged access to systemd in case polkit is not used.

You could use setcap to set CAP_SYS_ADMIN capabilities on the executable you start for rebooting. I don't see a big difference wrt using AmbientCapabilities in a systemd service, as long as you restrict the program to be executable only by a certain user or group.

Polkit can't do much more, either. Its main purpose is to serve logged-in users that want to do certain privileged actions like mount a volume or install software, and trigger pop-ups that ask for either user or admin passwords. IIUC it's overengineered for what you're trying to do, unless you want to ask for a password or some other extra authorization.

OTOH, if you use CAP_SYS_ADMIN, you might as well use setuid. Same argument - if you restrict the program properly, it comes down to exactly the same thing that polkit would do, just far simpler.

Martin
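The two approaches sketched in the reply above, as an added shell example that is not code from the thread, from systemd or from any of its contributors: a file capability on the helper combined with a mode that leaves it executable only by one group, and a unit that grants the same capability through AmbientCapabilities=. The helper path, the group "reboot" and the user "reboot-helper" are assumptions. Two caveats a practitioner will want: the kernel ignores file capabilities (like setuid) on "#!" scripts, so the helper has to be a real binary, and a helper that only calls reboot(2) itself needs no more than CAP_SYS_BOOT per capabilities(7); the capability name is kept as a variable defaulting to the thread's CAP_SYS_ADMIN.

```shell
#!/bin/sh
# Added example for the thread above, not code from the list or from systemd.
# Two ways to hand a reboot helper a capability without a setuid-root binary:
#   1. a file capability on the helper, executable by one group only;
#   2. a systemd unit granting the capability via AmbientCapabilities=.
# Assumed names: /usr/local/libexec/reboot-helper, group "reboot",
# user "reboot-helper".
set -u

HELPER="${HELPER:-/usr/local/libexec/reboot-helper}"
HELPER_GROUP="${HELPER_GROUP:-reboot}"
HELPER_USER="${HELPER_USER:-reboot-helper}"
# The thread talks about CAP_SYS_ADMIN; a helper that only calls reboot(2)
# itself needs no more than cap_sys_boot (see capabilities(7)).
CAP="${CAP:-cap_sys_admin}"

# Symbolic mode string such as -rwxr-x---: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%A' "$1" 2>/dev/null || stat -f '%Sp' "$1"
}

# The kernel ignores file capabilities (and setuid) on "#!" scripts, so a
# capability set on a script silently does nothing.
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]
}

# Accept only modes like -rwxr-x---: no setuid/setgid bit, no group write,
# nothing at all for "other". Returns 0 when the file is restricted enough.
check_helper_mode() {
    perms=$(mode_of "$1") || return 1
    case $perms in
        -??[sS]*|-?????[sS]*) echo "$1: setuid/setgid bit set" >&2; return 1 ;;
    esac
    case $perms in
        *---) ;;
        *) echo "$1: accessible by everyone" >&2; return 1 ;;
    esac
    case ${perms#????} in          # drop type + owner triple -> group+other
        ?w*) echo "$1: group-writable" >&2; return 1 ;;
    esac
    return 0
}

# Option 1: file capability, restricted to $HELPER_GROUP (run as root).
install_file_cap() {
    if is_script "$HELPER"; then
        echo "$HELPER is a script; file capabilities would be ignored" >&2
        return 1
    fi
    chown "root:$HELPER_GROUP" "$HELPER" &&
    chmod 0750 "$HELPER" &&
    setcap "${CAP}+ep" "$HELPER" &&    # setcap comes with libcap
    check_helper_mode "$HELPER"
}

# Option 2: unit text that grants the capability with AmbientCapabilities=.
# Starting the unit is still subject to systemd's own caller authorization.
unit_text() {
    cap_upper=$(printf '%s' "$CAP" | tr '[:lower:]' '[:upper:]')
    cat <<EOF
[Unit]
Description=Reboot helper running unprivileged with an ambient capability

[Service]
Type=oneshot
User=$HELPER_USER
Group=$HELPER_GROUP
CapabilityBoundingSet=$cap_upper
AmbientCapabilities=$cap_upper
ExecStart=$HELPER
EOF
}

# Usage as root:  install_file_cap
#            or:  unit_text > /etc/systemd/system/reboot-helper.service
```

check_helper_mode is the part worth keeping around: it is the "restrict the program properly" step from the reply, and it catches the three mistakes that turn a capability-bearing helper into an unprivileged user's root shell (world execute, group write on the binary, a leftover setuid bit).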