On Thu, 20.08.15 23:41, Michael Biebl ([email protected]) wrote: > Hi, > > say I wanted to grant an unprivileged userA the ability to > systemctl start/stop/restart/reload foo.service > and only grant this for foo.service. > > Is there a way to achieve that without resorting to using hacks like > sudo or a suid binary? From a cursory look, the existing PolicyKit > rules are too coarse grained for this.
Correct. This is currently not supported. That said, we could open this up, as PolicyKit allows parameterizing actions. I'd be happy to take a patch for this, and I figure it wouldn't even be a particularly complex patch... (in lieu of a patch, submit a github RFE...) Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
