how to allow vncserver restart ??
simon.mcvittie at collabora.co.uk
Mon Mar 3 06:35:25 PST 2014
On 01/03/14 19:13, Sean Darcy wrote:
> Thanks for the prompt and useful reply. It explained a lot of how dbus
> can work.
> But...it didn't work.
I described two options, and you seem to have done both of them...
> used visudo to add sudoers:
> %users ALL=(root) NOPASSWD: /usr/local/bin/vnc2
> created /usr/local/bin/vnc2
> cat /usr/local/bin/vnc2
> systemctl stop vncserver@:2
> rm -f /tmp/.X2-lock
> rm -f /tmp/.X11-unix/X2
> systemctl start vncserver@:2
> (vnc2 instead of a script for all servers, since I can adjust
> permissions for each vnc[2-N] )
... and what happened when an unprivileged user tried to run "sudo
/usr/local/bin/vnc2"? Any error messages on stderr, in syslog or in
auth.log (or wherever your OS puts sudo authentication failures)?

The sudoers line I suggested assumes that your users are in the Unix
group "users" (the % prefix means "Unix group"). Please adjust as
necessary if they aren't; this is sudoers syntax, not anything
D-Bus-specific. For instance, if you want a user named "sean" to be able
to run that script, it'd look like this:

    sean ALL=(root) NOPASSWD: /usr/local/bin/vnc2

> So then I created /etc/dbus-1/system.d/vnc.local.conf:
> Which worked.
> Is there any way to specify that only vncserver@:N can be started or
> stopped, and not all system services?
Not by creating an XML policy like that, no. The XML policy language
doesn't have any syntax for "the method's arguments must look like this".
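
Added example, not part of the original message and not code from the D-Bus project: because the XML policy cannot constrain method arguments, the per-display restriction can live in a single sudo wrapper instead of one vnc[2-N] script per server. The script path, the ALLOWED_DISPLAYS list and the function names are assumptions; the systemctl and rm steps mirror the vnc2 script quoted above.

```shell
#!/bin/sh
# Hypothetical wrapper (e.g. /usr/local/bin/vnc-restart), meant to be run via sudo.
# Restarts only vncserver@:N, and only for displays on an explicit allowlist.
set -eu
PATH=/usr/sbin:/usr/bin:/sbin:/bin   # do not rely on the caller's PATH
ALLOWED_DISPLAYS="2 3"               # assumption: displays users may restart

# Succeeds only if $1 is a plain decimal number that is on the allowlist.
display_allowed() {
    case "${1:-}" in
        ''|*[!0-9]*) return 1 ;;     # rejects "", ":2", "2;id", "../2"
    esac
    for d in $ALLOWED_DISPLAYS; do
        if [ "$1" = "$d" ]; then
            return 0
        fi
    done
    return 1
}

# Prints the systemd unit name for a validated display, fails otherwise.
unit_for_display() {
    display_allowed "${1:-}" || return 1
    printf 'vncserver@:%s\n' "$1"
}

restart_display() {
    unit=$(unit_for_display "${1:-}") || {
        echo "refusing to restart display '${1:-}'" >&2
        return 64
    }
    systemctl stop "$unit"
    # Same stale-lock cleanup as the vnc2 script, using the validated number.
    rm -f "/tmp/.X$1-lock" "/tmp/.X11-unix/X$1"
    systemctl start "$unit"
}

# Act only when called with an argument, so the functions can be sourced.
if [ "$#" -gt 0 ]; then
    restart_display "$1"
fi
```

A sudoers entry that names only the script path allows any arguments, so the allowlist check inside the script is what limits users to the listed displays. The script must be owned by root and not writable by the users who are allowed to run it.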