[systemd-devel] Run reboot as normal user

Martin Wilck mwilck at suse.com
Wed Dec 1 09:06:05 UTC 2021


On Tue, 2021-11-30 at 14:11 +0100, Mohamed Ali Fodha wrote:
> Thanks, but I think using setuid has a security risk for attackers,
> so I understand there is not so much granularity to manage
> unprivileged access to systemd in case polkit is not used.

You could use setcap to set CAP_SYS_ADMIN capabilities on the
executable you start for rebooting. I don't see a big difference wrt
using AmbientCapabilities in a systemd service, as long as you restrict
the program to be executable only by a certain user or group. Polkit
can't do much more, either. Its main purpose is to serve logged-in
users that want to do certain privileged actions like mount a volume or
install software, and trigger pop-ups that ask for either user or admin
passwords. IIUC it's overengineered for what you're trying to do,
unless you want to ask for a password or some other extra
authorization.

OTOH, if you use CAP_SYS_ADMIN, you might as well use setuid. Same
argument - if you restrict the program properly, it comes down to
exactly the same thing that polkit would do, just far simpler.

Martin
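
Added example (not from the thread and not systemd's own code): a minimal C wrapper that takes the route Martin describes, i.e. file capabilities instead of a setuid-root binary, installed so that only one group can execute it. The group name "rebooters", the install path /usr/local/sbin/reboot-helper and the systemctl path are assumptions. Besides the group restriction it shows the one non-obvious step: a capability granted with setcap is dropped again when the wrapper execve()s systemctl, so the wrapper first copies CAP_SYS_ADMIN into its inheritable set and raises it into the ambient set, which does survive the exec. systemd's bus methods treat a caller that holds effective CAP_SYS_ADMIN as authorized, which is why that is the capability that matters here rather than uid 0.

```c
/* reboot-helper.c: added example, not code from the systemd project.
 * Assumed installation (root):
 *   cc -O2 -Wall -o /usr/local/sbin/reboot-helper reboot-helper.c
 *   groupadd -f rebooters
 *   chown root:rebooters /usr/local/sbin/reboot-helper
 *   chmod 0750 /usr/local/sbin/reboot-helper   # no world execute bit
 *   setcap cap_sys_admin+ep /usr/local/sbin/reboot-helper
 */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <linux/capability.h>

#ifndef PR_CAP_AMBIENT            /* older <sys/prctl.h>: values from the kernel ABI */
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_RAISE 2
#endif

#define ALLOWED_GROUP "rebooters"       /* assumption: the group allowed to reboot */
#define SYSTEMCTL "/usr/bin/systemctl"  /* assumption: fixed absolute path, no PATH lookup */

/* Pure helper: is needle one of the n gids in list? */
static int gid_in_list(gid_t needle, const gid_t *list, int n)
{
    for (int i = 0; i < n; i++)
        if (list[i] == needle)
            return 1;
    return 0;
}

/* Defence in depth: mode 0750 root:rebooters already limits who can execute the
 * file, but re-checking the real caller's groups means a copy installed with the
 * wrong mode does not silently become reboot-for-everyone. Unknown group: deny. */
static int caller_in_group(const char *group)
{
    struct group *gr = getgrnam(group);
    if (!gr)
        return 0;
    if (getgid() == gr->gr_gid)
        return 1;
    int n = getgroups(0, NULL);
    if (n <= 0)
        return 0;
    gid_t *gids = calloc((size_t)n, sizeof *gids);
    if (!gids)
        return 0;
    n = getgroups(n, gids);
    int ok = n > 0 && gid_in_list(gr->gr_gid, gids, n);
    free(gids);
    return ok;
}

/* Make a permitted capability survive the next execve(). The inheritable set is
 * left untouched by execve, so the file capability never lands there by itself;
 * adding a permitted cap to our own inheritable set is allowed without
 * CAP_SETPCAP, and from there it can be raised into the ambient set. */
static int raise_ambient_cap(int cap)
{
    struct __user_cap_header_struct hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    data[CAP_TO_INDEX(cap)].inheritable |= CAP_TO_MASK(cap);
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0);
}

int main(void)
{
    if (!caller_in_group(ALLOWED_GROUP)) {
        fprintf(stderr, "reboot-helper: caller is not in group %s\n", ALLOWED_GROUP);
        return 77;
    }
    if (raise_ambient_cap(CAP_SYS_ADMIN) != 0) {
        fprintf(stderr, "reboot-helper: cannot raise CAP_SYS_ADMIN: %s "
                "(installed with setcap cap_sys_admin+ep?)\n", strerror(errno));
        return 1;
    }
    /* Fixed argv and a scrubbed environment: the caller chooses neither the
     * command nor how systemctl resolves its libraries or bus configuration. */
    char *const argv[] = { "systemctl", "reboot", NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    execve(SYSTEMCTL, argv, envp);
    perror("reboot-helper: execve");
    return 1;
}
```

The same file could equally be run from a systemd service with AmbientCapabilities=CAP_SYS_ADMIN, as the message notes; the wrapper only replaces the setcap/ambient step in that case, and the group check stays the part that decides who may trigger the reboot.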
