[systemd-devel] grant users access to certain services only
Lennart Poettering
lennart at poettering.net
Thu Aug 20 15:02:25 PDT 2015
On Thu, 20.08.15 23:41, Michael Biebl (mbiebl at gmail.com) wrote:
> Hi,
>
> say I wanted to grant an unprivileged userA the ability to
> systemctl start/stop/restart/reload foo.service
> and only grant this for foo.service.
>
> Is there a way to achieve that without resorting to using hacks like
> sudo or a suid binary? From a cursory look, the existing PolicyKit
> rules are too coarse grained for this.
Correct. This is currently not supported. That said, we could open
this up, as PolicyKit allows parameterizing actions. I'd be happy to
take a patch for this, and I figure it wouldn't even be a particularly
complex patch... (in lieu of a patch, submit a github RFE...)
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list