[systemd-devel] Restarting a service as user instead as root

[Cecil Westerhof]

2018-08-13 11:51 GMT+02:00 Michael Chapman <mike at very.puzzling.org>:

> On Mon, 13 Aug 2018, Cecil Westerhof wrote:
> > I have a service that is run as a different user as root. But only root
> can
> > restart the service. Is there a way to make 'systemctl restart' work for
> > the user that runs the service?
>
> You could simply add some Sudo rules allowing the user to perform that
> command.
>
> Alternatively, you can write a polkit rule to describe the permissions.
> For example, the following would give permission for a particular
> user to restart a particular service:
>
>     polkit.addRule(function(action, subject) {
>         if (action.id == "org.freedesktop.systemd1.manage-units" &&
>             action.lookup("unit") == "example.service" &&
>             action.lookup("verb") == "restart" &&
>             subject.user == "username") {
>             return polkit.Result.YES;
>         }
>     });
>
> See the AUTHORIZATION RULES section of the polkit(8) manpage for further
> details.
>

I tried to put this in:
    /etc/polkit-1/rules.d/10-auth.rules

When reading:
    https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html
    AUTHORIZATION RULES

It should work immediately after writing the file, but it does not.
Is there something else I should do?

I am using Debian 9.

-- 
Cecil Westerhof
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20180813/067287a2/attachment.html>