如何编写规则,使非特权用户有权执行该命令systemctl enable my.service
,并且只能用于my.service
?
我能够授予以下权利systemctl start/stop my.service
但systemctl enable
到目前为止,事实证明只允许所有服务
var allowedActions = [
"org.freedesktop.systemd1.manage-unit-files"
];
polkit.addRule(function(action, subject) {
polkit.log("action=" + action);
polkit.log("subject=" + subject);
if (allowedActions.includes(action.id) &&
subject.user == "myUser")
{
polkit.log("!!!!!!");
return polkit.Result.YES;
}
});
Fororg.freedesktop.systemd1.manage-units
有值unit
,而 for org.freedesktop.systemd1.manage-unit-files
- 无值