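- The Ubuntu version is 20.04.
- I am running an http service on port 6000.
- I have created the service, and as the root user I can run it successfully.
- I have created an account, svc_auto_bm, and want that user to be able to start the service http.server.service.

I did configure the file: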
root@LB1EDGRSISNBX02:/etc/systemd/system# cat http.server.service
[Unit]
Description = Job that runs simple http server daemon
[Service]
Type=simple
WorkingDirectory=/home/svc_auto_bm/projects/lab_automation_bot/output
User=svc_auto_bm
ExecStart=/usr/bin/python3 -m http.server 6000
ExecStop=/bin/kill `/bin/ps aux | /bin/grep http.server | /bin/grep -v grep | /usr/bin/awk '{ print $2 }'`
Restart=on-abort
[Install]
WantedBy=wmulti-user.target
root@LB1EDGRSISNBX02:/etc# lsb_release 0a
Usage: lsb_release [options]
lsb_release: error: No arguments are permitted
root@LB1EDGRSISNBX02:/etc# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal
root@LB1EDGRSISNBX02:/etc#
There are two problems:
When I run as the non-root user svc_auto_bm, it lists the users to provide a password for, but svc_auto_bm is missing from that list. It should have accepted the command automatically, because I have configured the following for polkit in
cd /etc/polkit-1/localauthority/50-local.d:
root@LB1EDGRSISNBX02:/etc/polkit-1/localauthority/50-local.d# cat service-auth.pkla
[Allow svc_auto_bm to start/stop/restart services]
Identity=unix-group:svc_auto_bm
Action=org.freedesktop.systemd1.manage-units
ResultActive=yes
root@LB1EDGRSISNBX02:/etc/polkit-1/localauthority/50-local.d#
I have also configured rules in /etc/polkit-1/rules.d
cd /etc/polkit-1/rules.d
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d# cat service-auth.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("svc_auto_bm")) {
        if (action.lookup("unit") == "http.server.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d# cat http.server.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("svc_auto_bm")) {
        if (action.lookup("unit") == "http.server.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d# cat svc_auth_bm.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("svc_auto_bm")) {
        if (action.lookup("unit") == "http.server.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});
root@LB1EDGRSISNBX02:/etc/polkit-1/rules.d#
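
The following is an added example, not part of the original post: an offline harness that replays the rule from service-auth.rules against constructed requests, to show which requests it answers with YES and which it leaves undecided. The `polkit` object, the `evaluate` helper and the sample requests are assumptions made for the test; only the rule body comes from the post.

```javascript
// Constructed stand-in for the object polkitd exposes to rule files.
// It only records rules so they can be replayed in order by evaluate().
const polkit = {
  Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin" },
  rules: [],
  addRule(fn) { this.rules.push(fn); },
};

// The rule from service-auth.rules, unchanged apart from indentation.
polkit.addRule(function (action, subject) {
  if (action.id == "org.freedesktop.systemd1.manage-units" &&
      subject.isInGroup("svc_auto_bm")) {
    if (action.lookup("unit") == "http.server.service") {
      var verb = action.lookup("verb");
      if (verb == "start" || verb == "stop" || verb == "restart") {
        return polkit.Result.YES;
      }
    }
  }
});

// Hypothetical helper: builds action/subject objects from a constructed
// request and returns the first rule result, or null when no rule decided
// (the request then falls back to the action's default authorization).
function evaluate({ id, unit, verb, groups }) {
  const action = { id, lookup: (key) => ({ unit, verb })[key] };
  const subject = { isInGroup: (group) => groups.includes(group) };
  for (const rule of polkit.rules) {
    const result = rule(action, subject);
    if (result !== undefined && result !== null) return result;
  }
  return null;
}

const MANAGE = "org.freedesktop.systemd1.manage-units";
const member = ["svc_auto_bm"];
// Constructed sample requests.
const cases = [
  { id: MANAGE, unit: "http.server.service", verb: "start", groups: member },
  { id: MANAGE, unit: "http.server.service", verb: "reload", groups: member },
  { id: MANAGE, unit: "ssh.service", verb: "restart", groups: member },
  { id: MANAGE, unit: "http.server.service", verb: "start", groups: ["users"] },
  { id: "org.freedesktop.systemd1.manage-unit-files",
    unit: "http.server.service", verb: "start", groups: member },
];
for (const c of cases) {
  console.log(c.id.split(".").pop(), c.unit, c.verb, c.groups, "->", evaluate(c));
}
```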