Ubuntu 20.04: How to grant a non-root user access to systemctl

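  • The Ubuntu version is 20.04
  • I am running an http service on port 6000.
  • I have created the service, and as root I can run it successfully
  • I have created an account svc_auto_bm and want this user to be able to start the service http.server.service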

I did configure the file:

root@LB1EDGRSISNBX02:/etc/systemd/system# cat http.server.service
[Unit]
Description = Job that runs simple http server daemon

[Service]
Type=simple
WorkingDirectory=/home/svc_auto_bm/projects/lab_automation_bot/output
User=svc_auto_bm
ExecStart=/usr/bin/python3 -m http.server 6000
ExecStop=/bin/kill `/bin/ps aux | /bin/grep http.server | /bin/grep -v grep | /usr/bin/awk '{ print $2 }'`
Restart=on-abort

[Install]
WantedBy=wmulti-user.target

root@LB1EDGRSISNBX02:/etc# lsb_release 0a
Usage: lsb_release [options]

lsb_release: error: No arguments are permitted
root@LB1EDGRSISNBX02:/etc# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.6 LTS
Release:        20.04
Codename:       focal
root@LB1EDGRSISNBX02:/etc#

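There are two problems:

  1. When I run it as the non-root user svc_auto_bm, it lists the users to provide a password for, but svc_auto_bm is missing from that list

  2. It should have accepted the command automatically, because I have configured the following for polkit in /etc/polkit-1/localauthority/50-local.d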

    root@LB1EDGRSISNBX02:/etc/polkit-1/localauthority/50-local.d# cat service-auth.pkla
    [Allow svc_auto_bm to start/stop/restart services]
    Identity=unix-group:svc_auto_bm
    Action=org.freedesktop.systemd1.manage-units
    ResultActive=yes
    root@LB1EDGRSISNBX02:/etc/polkit-1/localauthority/50-local.d#
    

I have also configured rules in /etc/polkit-1/rules.d

cd /etc/polkit-1/rules.d
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d# cat service-auth.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("svc_auto_bm")) {
        if (action.lookup("unit") == "http.server.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d# cat http.server.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("svc_auto_bm")) {
        if (action.lookup("unit") == "http.server.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d# cat svc_auth_bm.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("svc_auto_bm")) {
        if (action.lookup("unit") == "http.server.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d#
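
The rule posted above is scoped to one unit and three verbs. As an added example (not part of the original post and not polkit's own code), this Node.js harness evaluates that rule against constructed requests to show exactly which ones it authorizes. The `polkit`, `action` and `subject` objects are minimal hypothetical mocks, and the harness assumes a polkit version that evaluates JavaScript `.rules` files (0.106 or later).

```javascript
// Added example: a minimal stand-in for polkit's rule environment (hypothetical,
// not polkit itself) used to check what the rule from the question authorizes.
const rules = [];
const polkit = {
  Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin" },
  addRule: (fn) => rules.push(fn),
};

// The rule as posted in /etc/polkit-1/rules.d/service-auth.rules.
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("svc_auto_bm")) {
        if (action.lookup("unit") == "http.server.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});

// Evaluate one constructed request. Rules run in order until one returns a
// value; null here means "no rule decided", so the action's default applies.
function evaluate(groups, actionId, details) {
  const action = { id: actionId, lookup: (key) => details[key] };
  const subject = { isInGroup: (g) => groups.includes(g) };
  for (const rule of rules) {
    const result = rule(action, subject);
    if (result !== undefined && result !== null) return result;
  }
  return null;
}

const MANAGE = "org.freedesktop.systemd1.manage-units";
// Constructed test matrix: [groups of caller, action id, action details].
const cases = [
  [["svc_auto_bm"], MANAGE, { unit: "http.server.service", verb: "start" }],
  [["svc_auto_bm"], MANAGE, { unit: "http.server.service", verb: "reload" }],
  [["svc_auto_bm"], MANAGE, { unit: "ssh.service", verb: "restart" }],
  [["users"], MANAGE, { unit: "http.server.service", verb: "start" }],
  [["svc_auto_bm"], "org.freedesktop.systemd1.manage-unit-files", {}],
];
function runMatrix() {
  return cases.map(([groups, id, details]) => evaluate(groups, id, details));
}
console.log(runMatrix());
```

Only the first request is decided by the rule; every other combination falls through to the action's default authorization.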
