[systemd-devel] Restarting a service as user instead as root
Michael Chapman
mike at very.puzzling.org
Mon Aug 13 10:52:58 UTC 2018
On Mon, 13 Aug 2018, Cecil Westerhof wrote:
> 2018-08-13 11:51 GMT+02:00 Michael Chapman <mike at very.puzzling.org>:
>
> > On Mon, 13 Aug 2018, Cecil Westerhof wrote:
> > > I have a service that is run as a different user as root. But only root
> > can
> > > restart the service. Is there a way to make 'systemctl restart' work for
> > > the user that runs the service?
> >
> > You could simply add some Sudo rules allowing the user to perform that
> > command.
> >
> > Alternatively, you can write a polkit rule to describe the permissions.
> > For example, the following would give permission for a particular
> > user to restart a particular service:
> >
> > polkit.addRule(function(action, subject) {
> > if (action.id == "org.freedesktop.systemd1.manage-units" &&
> > action.lookup("unit") == "example.service" &&
> > action.lookup("verb") == "restart" &&
> > subject.user == "username") {
> > return polkit.Result.YES;
> > }
> > });
> >
> > See the AUTHORIZATION RULES section of the polkit(8) manpage for further
> > details.
> >
>
> I tried to put this in:
> /etc/polkit-1/rules.d/10-auth.rules
>
> When reading:
> https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html
> AUTHORIZATION RULES
>
> It should work immediately after writing the file, but it does not.
> Is there something else I should do?
>
> I am using Debian 9.
It should work immediately. polkitd will log that it is reloading the
rules. I suggest you check the log... maybe there's some syntax error or
other problem with your rule file.
More information about the systemd-devel
mailing list