[systemd-devel] timedate1 permissions

Greg Wilson-Lindberg GWilson at sakuraus.com
Thu Feb 18 00:47:06 UTC 2021 

Hi Mantas,
That was the advice that I needed.
I modified our Yocto build to include polkit, added datetime group to our user and now it’s working.

Thanks,
Greg

From: Mantas Mikulėnas <grawity at gmail.com>
Sent: Wednesday, February 17, 2021 10:56 AM
To: Greg Wilson-Lindberg <GWilson at sakuraus.com>
Cc: systemd-devel at lists.freedesktop.org
Subject: Re: [systemd-devel] timedate1 permissions

Systemd D-Bus services use polkit for authorization when the message is sent by someone not uid 0. Depending on which version you have, you can write a .pkla file (Debian) or a JavaScript function (other distros) that allows a specific action for a specific user or group.

You'll want to allow the "org.freedesktop.timedate1.set-timezone" action (see `pkaction`). Recent versions have some documentation in `man 8 polkit`.

If the system doesn't have polkit installed, then all you have is the hardcoded "uid == 0" check. (Polkit *is* the configuration facility for that.)


On Wed, Feb 17, 2021 at 8:18 PM Greg Wilson-Lindberg <GWilson at sakuraus.com<mailto:GWilson at sakuraus.com>> wrote:
First, I hope that I have found the proper list for this question, if not I'm sorry to bother you all.

I'm trying to run a program that changes the timezone. Our application is using the dbus facility to change the time zone. It works when run as root but fails when run as our user. I had thought initially that the problem was with dbus permissions but have since found out that the fact that the messages are going over the dbus means that the dbus permissions are set correctly.

So, it seems that the systemd.timedate1 utility has it's own permissions that is rejecting our request to change the timezone. My question at this point becomes, how do I change the permissions for the system.timedate1 utility to allow my non-root user to change the time and timezone?

Regards,
Greg Wilson-Lindberg
_______________________________________________
systemd-devel mailing list
systemd-devel at lists.freedesktop.org<mailto:systemd-devel at lists.freedesktop.org>
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


--
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20210218/523b101f/attachment.htm>

More information about the systemd-devel mailing list