how to allow vncserver restart ??
Simon McVittie
simon.mcvittie at collabora.co.uk
Mon Mar 3 06:35:25 PST 2014
On 01/03/14 19:13, Sean Darcy wrote:
> Thanks for the prompt and useful reply. It explained a lot of how dbus
> can work.
>
> But...it didn't work.
I described two options, and you seem to have done both of them...
> used visudo to add sudoers:
>
> %users ALL=(root) NOPASSWD: /usr/local/bin/vnc2
>
> created /usr/local/bin/vnc2
> cat /usr/local/bin/vnc2
> #!/bin/sh
>
> systemctl stop vncserver@:2
> rm -f /tmp/.X2-lock
> rm -f /tmp/.X11-unix/X2
> systemctl start vncserver@:2
>
>
> (vnc2 instead of a script for all servers, since I can adjust
> permissions for each vnc[2-N] )
... and what happened when an unprivileged user tried to run "sudo
/usr/local/bin/vnc2"? Any error messages on stderr, in syslog or in
auth.log (or wherever your OS puts sudo authentication failures)?
The sudoers line I suggested assumes that your users are in the Unix
group "users" (the % prefix means "Unix group"). Please adjust as
necessary if they aren't; this is sudoers syntax, not anything
D-Bus-specific. For instance, if you want a user named "sean" to be able
to run that script, it'd look like this:
sean ALL=(root) NOPASSWD: /usr/local/bin/vnc2
> So then I created /etc/dbus-1/system.d/vnc.local.conf:
...
> Which worked.
>
> Is there any way to specify that only vncserver@:N can be started or
> stopped, and not all system services?
Not by creating an XML policy like that, no. The XML policy language
doesn't have any syntax for "the method's arguments must look like this".
S
More information about the dbus
mailing list