[systemd-devel] Unprivileged poweroff
Tom Gundersen
teg at jklm.no
Wed Sep 10 09:06:03 PDT 2014
On Wed, Sep 10, 2014 at 4:03 PM, Michal Witanowski
<m.witanowski at samsung.com> wrote:
> I was wondering if there is a possibility to call “systemctl poweroff” as
> non-root user in this scenario:
>
> 1. I have no PolicyKit on my system, so I get access denied.
>
> 2. Calling with “-f” parameter also fails, with “Must be root” error.
>
> 3. I’d like to avoid using “sudo”.
>
> Theoretically there is no other way, am I right?
>
> But what about CAP_SYS_BOOT? Does the systemctl shouldn’t verify if this
> capability is set and allow non-root user to shut down the system?
As Simon pointed out, this is not safe with dbus-1. However, with
kdbus this should work and (if I read the code correctly) the Reboot
dbus call is already hooked up to accept CAP_SYS_BOOT when called over
kdbus.
Cheers,
Tom
More information about the systemd-devel
mailing list