<div dir="ltr">Thanks Silvio! That's just what I needed.<div><br></div><div>Cheers,</div><div>-Damien</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 6, 2021 at 9:26 PM Silvio Knizek <<a href="mailto:killermoehre@gmx.net">killermoehre@gmx.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Am Dienstag, dem 06.04.2021 um 16:21 +0300 schrieb Damien LEFEVRE:<br>
> Hi,<br>
><br>
> I have an embedded device and I do not install sudo. I need to have a<br>
> non-root running the main service capable of changing the hostname.<br>
><br>
> After spending a long afternoon on this I still have not managed.<br>
><br>
> Here i've tried adding my new user but only read-only requests go<br>
> through<br>
> /usr/share/dbus-1/system.d/org.freedesktop.hostname1.conf<br>
> ```xml<br>
> <?xml version="1.0"?> <!--*-nxml-*--><br>
> <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus<br>
> Configuration 1.0//EN"<br>
>        <br>
> "<a href="http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd" rel="noreferrer" target="_blank">http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd</a>"><br>
><br>
> <!--<br>
>   SPDX-License-Identifier: LGPL-2.1+<br>
><br>
>   This file is part of systemd.<br>
><br>
>   systemd is free software; you can redistribute it and/or modify it<br>
>   under the terms of the GNU Lesser General Public License as<br>
> published by<br>
>   the Free Software Foundation; either version 2.1 of the License, or<br>
>   (at your option) any later version.<br>
> --><br>
><br>
> <busconfig><br>
><br>
>     <policy user="root"><br>
>         <allow own="org.freedesktop.hostname1"/><br>
>         <allow send_destination="org.freedesktop.hostname1"/><br>
>         <allow receive_sender="org.freedesktop.hostname1"/><br>
>     </policy><br>
><br>
>     <policy user="myuser"><br>
>         <!--<allow own="org.freedesktop.hostname1"/>--><br>
>         <allow send_destination="org.freedesktop.hostname1"/><br>
>         <allow receive_sender="org.freedesktop.hostname1"/><br>
>     </policy><br>
><br>
>     <policy context="default"><br>
>         <allow send_destination="org.freedesktop.hostname1"/><br>
>         <allow receive_sender="org.freedesktop.hostname1"/><br>
>     </policy><br>
><br>
> </busconfig><br>
> ```<br>
><br>
><br>
> /usr/share/polkit-1/actions/org.freedesktop.hostname1.policy<br>
> ```xml<br>
> <?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*--><br>
> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy<br>
> Configuration 1.0//EN"<br>
>         "<br>
> <a href="http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd" rel="noreferrer" target="_blank">http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd</a>"><br>
><br>
> <!--<br>
>   SPDX-License-Identifier: LGPL-2.1+<br>
><br>
>   systemd is free software; you can redistribute it and/or modify it<br>
>   under the terms of the GNU Lesser General Public License as<br>
> published by<br>
>   the Free Software Foundation; either version 2.1 of the License, or<br>
>   (at your option) any later version.<br>
> --><br>
><br>
> <policyconfig><br>
><br>
>         <vendor>The systemd Project</vendor><br>
>        <br>
> <vendor_url><a href="http://www.freedesktop.org/wiki/Software/systemd" rel="noreferrer" target="_blank">http://www.freedesktop.org/wiki/Software/systemd</a></vendor_<br>
> url><br>
><br>
>         <action id="org.freedesktop.hostname1.set-hostname"><br>
>                 <description gettext-domain="systemd">Set host<br>
> name</description><br>
>                 <message gettext-domain="systemd">Authentication is<br>
> required to set the local host name.</message><br>
>                 <defaults><br>
>                         <allow_any>auth_admin_keep</allow_any><br>
>                        <br>
> <allow_inactive>auth_admin_keep</allow_inactive><br>
>                         <allow_active>auth_admin_keep</allow_active><br>
>                 </defaults><br>
>         </action><br>
><br>
>         <action id="org.freedesktop.hostname1.set-static-hostname"><br>
>                 <description gettext-domain="systemd">Set static host<br>
> name</description><br>
>                 <message gettext-domain="systemd">Authentication is<br>
> required to set the statically configured local host name, as well as<br>
> the pretty host name.</message><br>
>                 <defaults><br>
>                         <allow_any>auth_admin_keep</allow_any><br>
>                        <br>
> <allow_inactive>auth_admin_keep</allow_inactive><br>
>                         <allow_active>auth_admin_keep</allow_active><br>
>                 </defaults><br>
>                 <annotate<br>
> key="org.freedesktop.policykit.imply">org.freedesktop.hostname1.set-<br>
> hostname org.freedesktop.hostname1.set-machine-info</annotate><br>
>         </action><br>
><br>
>         <action id="org.freedesktop.hostname1.set-machine-info"><br>
>                 <description gettext-domain="systemd">Set machine<br>
> information</description><br>
>                 <message gettext-domain="systemd">Authentication is<br>
> required to set local machine information.</message><br>
>                 <defaults><br>
>                         <allow_any>auth_admin_keep</allow_any><br>
>                        <br>
> <allow_inactive>auth_admin_keep</allow_inactive><br>
>                         <allow_active>auth_admin_keep</allow_active><br>
>                 </defaults><br>
>         </action><br>
><br>
>         <action id="org.freedesktop.hostname1.get-product-uuid"><br>
>                 <description gettext-domain="systemd">Get product<br>
> UUID</description><br>
>                 <message gettext-domain="systemd">Authentication is<br>
> required to get product UUID.</message><br>
>                 <defaults><br>
>                         <allow_any>auth_admin_keep</allow_any><br>
>                        <br>
> <allow_inactive>auth_admin_keep</allow_inactive><br>
>                         <allow_active>auth_admin_keep</allow_active><br>
>                 </defaults><br>
>         </action><br>
><br>
> </policyconfig><br>
> ```<br>
><br>
> Despite all my attempts I always get 'Could not set property: Access<br>
> denied' for hostnamectl set-hostname<br>
><br>
> And get the 'org.freedesktop.DBus.Error.AccessDenied' in dbus-monitor<br>
><br>
> method call time=1617739342.317948 sender=:1.23 -><br>
> destination=org.freedesktop.hostname1 serial=3<br>
> path=/org/freedesktop/hostname1; interface=org.freedesktop.hostname1;<br>
> member=SetStaticHostname<br>
>    string "blabla"<br>
>    boolean true<br>
> ...<br>
> error time=1617739342.320289 sender=:1.24 -> destination=:1.23<br>
> error_name=org.freedesktop.DBus.Error.AccessDenied reply_serial=3<br>
>    string "Permission denied"<br>
><br>
><br>
> Any help would be greatly appreciated =)<br>
><br>
> -Damien<br>
<br>
Hi Damien,<br>
<br>
you actually need to configure polkit for this. Something like<br>
/etc/polkit-1/rules.d/49-allow-myuser-access-to-hostnamed.rules<br>
<br>
```javascript<br>
polkit.addRule(function(action, subject) {<br>
    if (<a href="http://action.id" rel="noreferrer" target="_blank">action.id</a> == "org.freedesktop.hostname1.set-hostname") {<br>
        if (subject.user == "myuser") {<br>
            return polkit.Result.YES;<br>
        }<br>
    }<br>
});<br>
```<br>
<br>
Your dbus definition only says that one can define rules including such<br>
actions.<br>
<br>
HTH<br>
Silvio<br>
<br>
_______________________________________________<br>
systemd-devel mailing list<br>
<a href="mailto:systemd-devel@lists.freedesktop.org" target="_blank">systemd-devel@lists.freedesktop.org</a><br>
<a href="https://lists.freedesktop.org/mailman/listinfo/systemd-devel" rel="noreferrer" target="_blank">https://lists.freedesktop.org/mailman/listinfo/systemd-devel</a><br>
</blockquote></div>