[systemd-devel] Unprivileged poweroff
Lennart Poettering
lennart at poettering.net
Wed Oct 22 04:37:42 PDT 2014
On Wed, 10.09.14 16:03, Michal Witanowski (m.witanowski at samsung.com) wrote:
> Hi,
>
> I was wondering if there is a possibility to call "systemctl poweroff" as
> non-root user in this scenario:
>
> 1. I have no PolicyKit on my system, so I get access denied.
>
> 2. Calling with "-f" parameter also fails, with "Must be root" error.
>
> 3. I'd like to avoid using "sudo".
>
> Theoretically there is no other way, am I right?
>
> But what about CAP_SYS_BOOT? Does the systemctl shouldn't verify if this
> capability is set and allow non-root user to shut down the system?
When used with kdbus we actually do check for that client-side
capability. THis is not available on dbus1 however, since we cannot
determine the capability racefreely and thus safely.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list