how to allow vncserver restart ??

Yang Chengwei chengwei.yang at intel.com
Thu Feb 27 17:02:45 PST 2014 

On Thu, Feb 27, 2014 at 12:02:30PM -0500, Sean Darcy wrote:
> On Fedora 19, updated. We have a group of users who use vnc. For
> various reasons the vnc service on the server goes down
> periodically. I've created small scripts for each user to restart
> the user's service:
> 
> systemctl restart vncserver@:2
> 
> but that fails with the cryptic dbus error messages:
> 
> dbus[540]: [system] Rejected send message, 2 matched rules;
> type="method_call", sender=":1.8319" (u
> id=504 pid=1680 comm="systemctl stop vncserver@:2 ")
> interface="org.freedesktop.systemd1.Manager" member="StopUnit" error
> name="(unset)" requested_reply="0"
> destination="org.freedesktop.systemd1" (uid=0 pid=1
> comm="/usr/lib/systemd/systemd --switched-root --system ")
> dbus[540]: [system] Rejected send message, 2 matched rules;
> type="method_call", sender=":1.8320" (u
> id=504 pid=1683 comm="systemctl start vncserver@:2 ")
> interface="org.freedesktop.systemd1.Manager" member="StartUnit"
> error name="(unset)" requested_reply="0"
> destination="org.freedesktop.systemd1" (uid=0 pid=1
> comm="/usr/lib/systemd/systemd --switched-root --system ")
> 
> AFAICT, sudoers doesn't help, it's a dbus thing.

Not really, DBus let the service provider to config its own access
rules, as you find below it's systemd responsibility to define its
access rules.

> 
> So now an administrator has to restart the service and the users are
> _really_ unhappy having to find a sysadmin.
> 
> I'm actually considering just giving them the root password.
> 
> We've read the dbus tutorial and various intro's, done of which seem
> to the point. I seems we need to edit/create a file in
> /etc/dbus-1/system.d , though the error message points to
> org.freedesktop.systemd1.Manager which is in
> /usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Manager.xml.
> 
> I'd to let any user restart a vncserver service. But I'd be ok with
> letting any user restart _any_ serivce if that's what's needed.

Generally, I think this is kindly an integration issue, since the
systemd system instance/session is owned by root, it's reasonable to
only grant access to root, so non-root user can not stop/start a
system-wide service.

I hasn't experienced vnc, because X forwarding of SSH is enough to me.

In systemd, there has another kind of instance/session, the user
session, which is a service manager for user, generally non-root user,
and the user can has per-user services, so controllable by user, if
vnc service can be run in user session, then it's fine.

At the last, I think it's better to ask fedora community or vnc
community to figure out why it's down periodically.

--
Thanks,
Chengwei

> 
> Thanks for any help.
> 
> sean
> -
> 
> _______________________________________________
> dbus mailing list
> dbus at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dbus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20140228/77cc3271/attachment.pgp>

More information about the dbus mailing list