我的pkaction版本是0.112
我的根目录中有一个服务,我想授予用户组管理员权限来运行该服务。
该服务存在于/root/home/custom_service/service.service
我chgrp admin ./home/custom_service/
当时尝试过chmod g+rx ./home/custom_service/
当我检查权限时ls -l ./home/custom_service/
我得到-rw-r-xr-- 1 root admin 449 May 30 11:23 service.service
当我尝试从我的 testUsr 帐户(位于组管理员中)运行该服务时,结果如下:
我跑:
systemctl start service.service
结果:
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: scarycall
Password:
polkit-agent-helper-1: pam_authenticate failed: Permission denied
==== AUTHENTICATION FAILED ===
Failed to start service.service: Access denied
See system logs and 'systemctl status service.service' for details.
注意:我可以从 root 运行该服务。
所以我启用了 polkit 规则,如下所示
// vi: ft=javascript
// Allow user in admin group to manage specific systemd units
Array.prototype.includes = function(variable) {
for (var i = 0; i < this.length; i++) { if (this[i] === variable) { return true; } }
return false;
}
polkit.addRule(function(action, subject) {
var allowed = {
units: [
"service.service"
],
actions: [
"org.freedesktop.systemd1.manage-unit-files"
],
verbs: [
"start", "stop", "restart"
]
}
var unit_name = action.lookup("unit");
if (allowed.actions.includes(action.id) &&
allowed.units.includes(unit_name) &&
allowed.verbs.includes(action.lookup("verb")) &&
subject.isInGroup("admin")
) {
return polkit.Result.YES;
}
});
这保存在/etc/polkit-1/rules.d/60-service.rules
当我重新运行“systemctl start service.service”时,此规则不起作用,我仍然得到上面列出的结果。
更新: 我运行的系统没有正确版本的 systemd 来支持操作的单位和动词详细信息。所以我不得不使用 sudo 权限。