Re: [systemd-devel] Restarting a service as user instead as root

Mon, 13 Aug 2018 03:58:57 -0700 

2018-08-13 12:52 GMT+02:00 Michael Chapman <m...@very.puzzling.org>:

> On Mon, 13 Aug 2018, Cecil Westerhof wrote:
> > 2018-08-13 11:51 GMT+02:00 Michael Chapman <m...@very.puzzling.org>:
> >
> > > On Mon, 13 Aug 2018, Cecil Westerhof wrote:
> > > > I have a service that is run as a different user as root. But only
> root
> > > can
> > > > restart the service. Is there a way to make 'systemctl restart' work
> for
> > > > the user that runs the service?
> > >
> > > You could simply add some Sudo rules allowing the user to perform that
> > > command.
> > >
> > > Alternatively, you can write a polkit rule to describe the permissions.
> > > For example, the following would give permission for a particular
> > > user to restart a particular service:
> > >
> > >     polkit.addRule(function(action, subject) {
> > >         if (action.id == "org.freedesktop.systemd1.manage-units" &&
> > >             action.lookup("unit") == "example.service" &&
> > >             action.lookup("verb") == "restart" &&
> > >             subject.user == "username") {
> > >             return polkit.Result.YES;
> > >         }
> > >     });
> > >
> > > See the AUTHORIZATION RULES section of the polkit(8) manpage for
> further
> > > details.
> > >
> >
> > I tried to put this in:
> >     /etc/polkit-1/rules.d/10-auth.rules
> >
> > When reading:
> >     https://www.freedesktop.org/software/polkit/docs/latest/
> polkit.8.html
> >     AUTHORIZATION RULES
> >
> > It should work immediately after writing the file, but it does not.
> > Is there something else I should do?
> >
> > I am using Debian 9.
>
> It should work immediately. polkitd will log that it is reloading the
> rules. I suggest you check the log... maybe there's some syntax error or
> other problem with your rule file.
>

I already checked the log, but when changing the file, nothing is logged. I
remember that some things have a different location in Debian. So probably
I should ask this on a Debian group.

-- 
Cecil Westerhof

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Reply via email to