Ubuntu20.04：如何授予非 root 用户访问 systemctl 的权限

2024-6-2 • tag-icon

Ubuntu20.04：如何授予非 root 用户访问 systemctl 的权限

ubuntu版本是20.04
我在端口 6000 上运行 http 服务。
我已经创建了该服务，并且作为 root 用户我可以成功运行该服务
我已经创建了一个帐户svc_auto_bm，并希望该用户能够启动服务http.server.service

我确实配置了文件

root@LB1EDGRSISNBX02:/etc/systemd/system# cat http.server.service
[Unit]
Description = Job that runs simple http server daemon

[Service]
Type=simple
WorkingDirectory=/home/svc_auto_bm/projects/lab_automation_bot/output
User=svc_auto_bm
ExecStart=/usr/bin/python3 -m http.server 6000
ExecStop=/bin/kill `/bin/ps aux | /bin/grep http.server | /bin/grep -v grep | /usr/bin/awk '{ print $2 }'`
Restart=on-abort

[Install]
WantedBy=wmulti-user.target

root@LB1EDGRSISNBX02:/etc# lsb_release 0a
Usage: lsb_release [options]

lsb_release: error: No arguments are permitted
root@LB1EDGRSISNBX02:/etc# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.6 LTS
Release:        20.04
Codename:       focal
root@LB1EDGRSISNBX02:/etc#

存在两个问题：

当我以非 root 用户身份运行时，svc_auto_bm它会列出提供密码的用户，但该列表中svc_auto_bm缺少

它应该已经自动接受该命令，因为我已经在中为 polkit 配置了以下内容cd /etc/polkit-1/localauthority/50-local.d：

root@LB1EDGRSISNBX02:/etc/polkit-1/localauthority/50-local.d# cat service-auth.pkla
[Allow svc_auto_bm to start/stop/restart services]
Identity=unix-group:svc_auto_bm
Action=org.freedesktop.systemd1.manage-units
ResultActive=yes
root@LB1EDGRSISNBX02:/etc/polkit-1/localauthority/50-local.d#

我还在 /etc/polkit-1/rules.d 中配置了规则

cd /etc/polkit-1/rules.d
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d# cat service-auth.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("svc_auto_bm")) {
        if (action.lookup("unit") == "http.server.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d# cat http.server.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("svc_auto_bm")) {
        if (action.lookup("unit") == "http.server.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d# cat svc_auth_bm.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("svc_auto_bm")) {
        if (action.lookup("unit") == "http.server.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d#

相关内容