[systemd-devel] hostnamectl set-hostname non-admin user

Damien LEFEVRE lefevre.da at gmail.com
Wed Apr 7 13:42:36 UTC 2021


Thanks Silvio! That's just what I needed.

Cheers,
-Damien

On Tue, Apr 6, 2021 at 9:26 PM Silvio Knizek <killermoehre at gmx.net> wrote:

> On Tuesday, 06.04.2021 at 16:21 +0300, Damien LEFEVRE wrote:
> > Hi,
> >
> > I have an embedded device and I do not install sudo. I need to have a
> > non-root user running the main service capable of changing the hostname.
> >
> > After spending a long afternoon on this I still have not managed.
> >
> > Here I've tried adding my new user but only read-only requests go
> > through
> > /usr/share/dbus-1/system.d/org.freedesktop.hostname1.conf
> > ```xml
> > <?xml version="1.0"?> <!--*-nxml-*-->
> > <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
> >         "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> >
> > <!--
> >   SPDX-License-Identifier: LGPL-2.1+
> >
> >   This file is part of systemd.
> >
> >   systemd is free software; you can redistribute it and/or modify it
> >   under the terms of the GNU Lesser General Public License as published by
> >   the Free Software Foundation; either version 2.1 of the License, or
> >   (at your option) any later version.
> > -->
> >
> > <busconfig>
> >
> >     <policy user="root">
> >         <allow own="org.freedesktop.hostname1"/>
> >         <allow send_destination="org.freedesktop.hostname1"/>
> >         <allow receive_sender="org.freedesktop.hostname1"/>
> >     </policy>
> >
> >     <policy user="myuser">
> >         <!--<allow own="org.freedesktop.hostname1"/>-->
> >         <allow send_destination="org.freedesktop.hostname1"/>
> >         <allow receive_sender="org.freedesktop.hostname1"/>
> >     </policy>
> >
> >     <policy context="default">
> >         <allow send_destination="org.freedesktop.hostname1"/>
> >         <allow receive_sender="org.freedesktop.hostname1"/>
> >     </policy>
> >
> > </busconfig>
> > ```
> >
> >
> > /usr/share/polkit-1/actions/org.freedesktop.hostname1.policy
> > ```xml
> > <?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
> > <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
> >         "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
> >
> > <!--
> >   SPDX-License-Identifier: LGPL-2.1+
> >
> >   systemd is free software; you can redistribute it and/or modify it
> >   under the terms of the GNU Lesser General Public License as published by
> >   the Free Software Foundation; either version 2.1 of the License, or
> >   (at your option) any later version.
> > -->
> >
> > <policyconfig>
> >
> >         <vendor>The systemd Project</vendor>
> >         <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url>
> >
> >         <action id="org.freedesktop.hostname1.set-hostname">
> >                 <description gettext-domain="systemd">Set host name</description>
> >                 <message gettext-domain="systemd">Authentication is required to set the local host name.</message>
> >                 <defaults>
> >                         <allow_any>auth_admin_keep</allow_any>
> >                         <allow_inactive>auth_admin_keep</allow_inactive>
> >                         <allow_active>auth_admin_keep</allow_active>
> >                 </defaults>
> >         </action>
> >
> >         <action id="org.freedesktop.hostname1.set-static-hostname">
> >                 <description gettext-domain="systemd">Set static host name</description>
> >                 <message gettext-domain="systemd">Authentication is required to set the statically configured local host name, as well as the pretty host name.</message>
> >                 <defaults>
> >                         <allow_any>auth_admin_keep</allow_any>
> >                         <allow_inactive>auth_admin_keep</allow_inactive>
> >                         <allow_active>auth_admin_keep</allow_active>
> >                 </defaults>
> >                 <annotate key="org.freedesktop.policykit.imply">org.freedesktop.hostname1.set-hostname org.freedesktop.hostname1.set-machine-info</annotate>
> >         </action>
> >
> >         <action id="org.freedesktop.hostname1.set-machine-info">
> >                 <description gettext-domain="systemd">Set machine information</description>
> >                 <message gettext-domain="systemd">Authentication is required to set local machine information.</message>
> >                 <defaults>
> >                         <allow_any>auth_admin_keep</allow_any>
> >                         <allow_inactive>auth_admin_keep</allow_inactive>
> >                         <allow_active>auth_admin_keep</allow_active>
> >                 </defaults>
> >         </action>
> >
> >         <action id="org.freedesktop.hostname1.get-product-uuid">
> >                 <description gettext-domain="systemd">Get product UUID</description>
> >                 <message gettext-domain="systemd">Authentication is required to get product UUID.</message>
> >                 <defaults>
> >                         <allow_any>auth_admin_keep</allow_any>
> >                         <allow_inactive>auth_admin_keep</allow_inactive>
> >                         <allow_active>auth_admin_keep</allow_active>
> >                 </defaults>
> >         </action>
> >
> > </policyconfig>
> > ```
> >
> > Despite all my attempts I always get 'Could not set property: Access
> > denied' for hostnamectl set-hostname
> >
> > And get the 'org.freedesktop.DBus.Error.AccessDenied' in dbus-monitor
> >
> > method call time=1617739342.317948 sender=:1.23 -> destination=org.freedesktop.hostname1 serial=3 path=/org/freedesktop/hostname1; interface=org.freedesktop.hostname1; member=SetStaticHostname
> >    string "blabla"
> >    boolean true
> > ...
> > error time=1617739342.320289 sender=:1.24 -> destination=:1.23 error_name=org.freedesktop.DBus.Error.AccessDenied reply_serial=3
> >    string "Permission denied"
> >
> >
> > Any help would be greatly appreciated =)
> >
> > -Damien
>
> Hi Damien,
>
> you actually need to configure polkit for this. Something like
> /etc/polkit-1/rules.d/49-allow-myuser-access-to-hostnamed.rules
>
> ```javascript
> polkit.addRule(function(action, subject) {
>     if (action.id == "org.freedesktop.hostname1.set-hostname") {
>         if (subject.user == "myuser") {
>             return polkit.Result.YES;
>         }
>     }
> });
> ```
>
> Your dbus definition only says that one can define rules including such
> actions.
>
> HTH
> Silvio
>
>
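
Added example, not part of the thread: a small Node model of how a rules.d grant combines with the `<defaults>` and the `org.freedesktop.policykit.imply` annotation in the quoted policy file, using the action behind the `SetStaticHostname` call seen in the trace. The `polkit` stand-in, `ACTIONS`, `direct` and `decide` are constructed for this example and simplify polkitd's evaluation; only the final `polkit.addRule(...)` call is rules-file content, and it assumes hostnamed checks `SetStaticHostname` against `set-static-hostname`.

```javascript
// Stand-in for the `polkit` object polkitd gives to rules files, so the rule
// can be exercised under Node (simplified model, constructed for this example).
const polkit = {
    Result: { NO: "no", YES: "yes", AUTH_ADMIN_KEEP: "auth_admin_keep" },
    rules: [],
    addRule(fn) { this.rules.push(fn); },
};

const P = "org.freedesktop.hostname1.";
// Defaults and imply annotation as in the .policy file quoted in the thread.
const ACTIONS = {
    [P + "set-hostname"]:        { def: "auth_admin_keep", imply: [] },
    [P + "set-static-hostname"]: { def: "auth_admin_keep",
                                   imply: [P + "set-hostname", P + "set-machine-info"] },
    [P + "set-machine-info"]:    { def: "auth_admin_keep", imply: [] },
    [P + "get-product-uuid"]:    { def: "auth_admin_keep", imply: [] },
};

// First rule that returns a value decides; otherwise the <defaults> apply.
function direct(actionId, user) {
    for (const rule of polkit.rules) {
        const r = rule({ id: actionId }, { user: user });
        if (r !== undefined && r !== null) return r;
    }
    return ACTIONS[actionId].def;
}

// A subject authorized for an action is also authorized for what it implies.
function decide(actionId, user) {
    const implied = Object.keys(ACTIONS).some(function (id) {
        return ACTIONS[id].imply.includes(actionId) && direct(id, user) === "yes";
    });
    return implied ? "yes" : direct(actionId, user);
}

// ---- body of a rules.d file: grant the action the trace actually hit ----
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.hostname1.set-static-hostname" &&
        subject.user == "myuser") {
        return polkit.Result.YES;
    }
    // No return value: later rules and the .policy defaults decide.
});
```

In this model `decide(P + "set-machine-info", "myuser")` comes back as `"yes"` through the imply annotation, while `get-product-uuid` and every other user stay at `auth_admin_keep`.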