how to allow vncserver restart ??

Sean Darcy seandarcy2 at gmail.com
Mon Mar 3 14:34:39 PST 2014


On 03/03/2014 09:35 AM, Simon McVittie wrote:
> On 01/03/14 19:13, Sean Darcy wrote:
>> Thanks for the prompt and useful reply. It explained a lot of how dbus
>> can work.
>>
>> But...it didn't work.
>
> I described two options, and you seem to have done both of them...
>
>> used visudo to add sudoers:
>>
>> %users  ALL=(root) NOPASSWD: /usr/local/bin/vnc2
>>
>> created /usr/local/bin/vnc2
>>   cat /usr/local/bin/vnc2
>> #!/bin/sh
>>
>> systemctl stop vncserver@:2
>> rm -f /tmp/.X2-lock
>> rm -f /tmp/.X11-unix/X2
>> systemctl start vncserver@:2
>>
>>
>> (vnc2 instead of a script for all servers, since I can adjust
>> permissions for each vnc[2-N] )
>
> ... and what happened when an unprivileged user tried to run "sudo
> /usr/local/bin/vnc2"? Any error messages on stderr, in syslog or in
> auth.log (or wherever your OS puts sudo authentication failures)?
>
> The sudoers line I suggested assumes that your users are in the Unix
> group "users" (the % prefix means "Unix group"). Please adjust as
> necessary if they aren't; this is sudoers syntax, not anything
> D-Bus-specific. For instance, if you want a user named "sean" to be able
> to run that script, it'd look like this:
>
> sean ALL=(root) NOPASSWD: /usr/local/bin/vnc2
>
>> So then I created /etc/dbus-1/system.d/vnc.local.conf:
> ...
>> Which worked.
>>
>> Is there any way to specify that only vncserver@:N can be started or
>> stopped, and not all system services?
>
> Not by creating an XML policy like that, no. The XML policy language
> doesn't have any syntax for "the method's arguments must look like this".
>
>      S
>

I tried them one after the other. But I now realize I need to use 
sudoers for a granular method.

Thanks for all the help.

sean
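
The per-display sudoers approach the thread settles on, generalised here to a single wrapper that takes the display number as a strictly validated argument. This is an added example, not code from the thread; the path /usr/local/bin/vnc-restart and the user "alice" are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical /usr/local/bin/vnc-restart: root-owned, not writable by users.
# sudoers matches the trailing argument as part of the command, so these
# constructed lines (edit with visudo) let sean restart display 2 only and
# alice display 3 only:
#   sean  ALL=(root) NOPASSWD: /usr/local/bin/vnc-restart 2
#   alice ALL=(root) NOPASSWD: /usr/local/bin/vnc-restart 3

# Fixed PATH: never resolve systemctl or rm through the caller's environment.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
export PATH

# Accept only a display number 1-99 with no leading zero. Anything else
# (spaces, slashes, shell metacharacters, empty) is rejected before it can
# reach the unit name or the rm paths.
valid_display() {
    case "$1" in
        [1-9]|[1-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Same four steps as the vnc2 script in the thread, for display $1.
restart_display() {
    n=$1
    valid_display "$n" || { echo "invalid display: $n" >&2; return 2; }
    systemctl stop "vncserver@:${n}" || return 1
    rm -f "/tmp/.X${n}-lock" "/tmp/.X11-unix/X${n}"
    systemctl start "vncserver@:${n}"
}

# Entry point. With no argument nothing runs, so the functions can be
# sourced and tested without touching any service.
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 1 ] || { echo "usage: $0 DISPLAY" >&2; exit 64; }
    restart_display "$1"
    exit
fi
```

The validation in the script is a second layer: the sudoers argument match already limits each user to one display, and the script refuses malformed input even if a broader sudoers rule is written later.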


