[systemd-devel] timedate1 permissions

[Mantas Mikulėnas]

Systemd D-Bus services use polkit for authorization when the message is
sent by someone not uid 0. Depending on which version you have, you can
write a .pkla file (Debian) or a JavaScript function (other distros) that
allows a specific action for a specific user or group.

You'll want to allow the "org.freedesktop.timedate1.set-timezone" action
(see `pkaction`). Recent versions have some documentation in `man 8 polkit`.

If the system doesn't have polkit installed, then all you have is the
hardcoded "uid == 0" check. (Polkit *is* the configuration facility for
that.)


On Wed, Feb 17, 2021 at 8:18 PM Greg Wilson-Lindberg <GWilson at sakuraus.com>
wrote:

> First, I hope that I have found the proper list for this question, if not
> I'm sorry to bother you all.
>
> I'm trying to run a program that changes the timezone. Our application is
> using the dbus facility to change the time zone. It works when run as root
> but fails when run as our user. I had thought initially that the problem
> was with dbus permissions but have since found out that the fact that the
> messages are going over the dbus means that the dbus permissions are set
> correctly.
>
> So, it seems that the systemd.timedate1 utility has it's own permissions
> that is rejecting our request to change the timezone. My question at this
> point becomes, how do I change the permissions for the system.timedate1
> utility to allow my non-root user to change the time and timezone?
>
> Regards,
> Greg Wilson-Lindberg
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>


-- 
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20210217/02e9b195/attachment.htm>