Thanks Silvio! That's just what I needed.

Cheers,
-Damien

On Tue, Apr 6, 2021 at 9:26 PM Silvio Knizek <killermoe...@gmx.net> wrote:

> On Tuesday, 06.04.2021 at 16:21 +0300, Damien LEFEVRE wrote:
> > Hi,
> >
> > I have an embedded device and I do not install sudo. I need to have a
> > non-root running the main service capable of changing the hostname.
> >
> > After spending a long afternoon on this I still have not managed.
> >
> > Here I've tried adding my new user but only read-only requests go
> > through
> > /usr/share/dbus-1/system.d/org.freedesktop.hostname1.conf
> > ```xml
> > <?xml version="1.0"?> <!--*-nxml-*-->
> > <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
> >   "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> >
> > <!--
> >   SPDX-License-Identifier: LGPL-2.1+
> >
> >   This file is part of systemd.
> >
> >   systemd is free software; you can redistribute it and/or modify it
> >   under the terms of the GNU Lesser General Public License as published by
> >   the Free Software Foundation; either version 2.1 of the License, or
> >   (at your option) any later version.
> > -->
> >
> > <busconfig>
> >
> >   <policy user="root">
> >     <allow own="org.freedesktop.hostname1"/>
> >     <allow send_destination="org.freedesktop.hostname1"/>
> >     <allow receive_sender="org.freedesktop.hostname1"/>
> >   </policy>
> >
> >   <policy user="myuser">
> >     <!--<allow own="org.freedesktop.hostname1"/>-->
> >     <allow send_destination="org.freedesktop.hostname1"/>
> >     <allow receive_sender="org.freedesktop.hostname1"/>
> >   </policy>
> >
> >   <policy context="default">
> >     <allow send_destination="org.freedesktop.hostname1"/>
> >     <allow receive_sender="org.freedesktop.hostname1"/>
> >   </policy>
> >
> > </busconfig>
> > ```
> >
> >
> > /usr/share/polkit-1/actions/org.freedesktop.hostname1.policy
> > ```xml
> > <?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
> > <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
> >   "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
> >
> > <!--
> >   SPDX-License-Identifier: LGPL-2.1+
> >
> >   systemd is free software; you can redistribute it and/or modify it
> >   under the terms of the GNU Lesser General Public License as published by
> >   the Free Software Foundation; either version 2.1 of the License, or
> >   (at your option) any later version.
> > -->
> >
> > <policyconfig>
> >
> >   <vendor>The systemd Project</vendor>
> >   <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url>
> >
> >   <action id="org.freedesktop.hostname1.set-hostname">
> >     <description gettext-domain="systemd">Set host name</description>
> >     <message gettext-domain="systemd">Authentication is required to set the local host name.</message>
> >     <defaults>
> >       <allow_any>auth_admin_keep</allow_any>
> >       <allow_inactive>auth_admin_keep</allow_inactive>
> >       <allow_active>auth_admin_keep</allow_active>
> >     </defaults>
> >   </action>
> >
> >   <action id="org.freedesktop.hostname1.set-static-hostname">
> >     <description gettext-domain="systemd">Set static host name</description>
> >     <message gettext-domain="systemd">Authentication is required to set the statically configured local host name, as well as the pretty host name.</message>
> >     <defaults>
> >       <allow_any>auth_admin_keep</allow_any>
> >       <allow_inactive>auth_admin_keep</allow_inactive>
> >       <allow_active>auth_admin_keep</allow_active>
> >     </defaults>
> >     <annotate key="org.freedesktop.policykit.imply">org.freedesktop.hostname1.set-hostname org.freedesktop.hostname1.set-machine-info</annotate>
> >   </action>
> >
> >   <action id="org.freedesktop.hostname1.set-machine-info">
> >     <description gettext-domain="systemd">Set machine information</description>
> >     <message gettext-domain="systemd">Authentication is required to set local machine information.</message>
> >     <defaults>
> >       <allow_any>auth_admin_keep</allow_any>
> >       <allow_inactive>auth_admin_keep</allow_inactive>
> >       <allow_active>auth_admin_keep</allow_active>
> >     </defaults>
> >   </action>
> >
> >   <action id="org.freedesktop.hostname1.get-product-uuid">
> >     <description gettext-domain="systemd">Get product UUID</description>
> >     <message gettext-domain="systemd">Authentication is required to get product UUID.</message>
> >     <defaults>
> >       <allow_any>auth_admin_keep</allow_any>
> >       <allow_inactive>auth_admin_keep</allow_inactive>
> >       <allow_active>auth_admin_keep</allow_active>
> >     </defaults>
> >   </action>
> >
> > </policyconfig>
> > ```
> >
> > Despite all my attempts I always get 'Could not set property: Access
> > denied' for hostnamectl set-hostname
> >
> > And get the 'org.freedesktop.DBus.Error.AccessDenied' in dbus-monitor
> >
> > method call time=1617739342.317948 sender=:1.23 ->
> > destination=org.freedesktop.hostname1 serial=3
> > path=/org/freedesktop/hostname1; interface=org.freedesktop.hostname1;
> > member=SetStaticHostname
> >    string "blabla"
> >    boolean true
> > ...
> > error time=1617739342.320289 sender=:1.24 -> destination=:1.23
> > error_name=org.freedesktop.DBus.Error.AccessDenied reply_serial=3
> >    string "Permission denied"
> >
> >
> > Any help would be greatly appreciated =)
> >
> > -Damien
>
> Hi Damien,
>
> you actually need to configure polkit for this. Something like
> /etc/polkit-1/rules.d/49-allow-myuser-access-to-hostnamed.rules
>
> ```javascript
> polkit.addRule(function(action, subject) {
>     if (action.id == "org.freedesktop.hostname1.set-hostname") {
>         if (subject.user == "myuser") {
>             return polkit.Result.YES;
>         }
>     }
> });
> ```
>
> Your dbus definition only says that one can define rules including such
> actions.
>
> HTH
> Silvio
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
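
An added example, not part of the thread and not systemd or polkit project code: a polkit rule in the same style that also lists the `set-static-hostname` action, since the dbus-monitor trace above shows `SetStaticHostname` as the denied call, plus a small offline check of who gets what. It assumes `SetStaticHostname` is gated by the `set-static-hostname` action from the quoted `.policy` file; `pk`, `registered`, `hostnameRule` and `decide` are hypothetical names, and the `polkit` stand-in is constructed so the file runs under Node.

```javascript
// Added example; runs under Node for offline checking.
// polkitd provides the global `polkit`; elsewhere a constructed stand-in is used.
var registered = [];
var pk = (typeof polkit !== "undefined") ? polkit : {
    Result: { YES: "yes" },                       // stand-in value
    addRule: function (fn) { registered.push(fn); }
};

// Actions this rule grants. The trace in the thread shows SetStaticHostname
// being denied, so the static-hostname action is listed explicitly.
var ALLOWED_ACTIONS = [
    "org.freedesktop.hostname1.set-hostname",
    "org.freedesktop.hostname1.set-static-hostname"
];
var ALLOWED_USER = "myuser";   // account name used in the thread

function hostnameRule(action, subject) {
    if (ALLOWED_ACTIONS.indexOf(action.id) !== -1 &&
        subject.user === ALLOWED_USER) {
        return pk.Result.YES;
    }
    // No return value: polkit moves on to later rules, then the defaults.
}
pk.addRule(hostnameRule);

// Simplified stand-in for polkitd's evaluation: the first rule that returns
// a value wins, otherwise the <defaults> from the quoted .policy file apply.
function decide(actionId, user) {
    for (var i = 0; i < registered.length; i++) {
        var result = registered[i]({ id: actionId }, { user: user });
        if (result) { return result; }
    }
    return "auth_admin_keep";
}
```

The quoted `.policy` file marks `set-static-hostname` as implying `set-hostname` and `set-machine-info`, so check that the wider grant is acceptable for the service account before deploying a rule like this.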