On 08/20/2015 10:02 PM, Lennart Poettering wrote:
> On Thu, 20.08.15 23:41, Michael Biebl ([email protected]) wrote:
>> Hi,
>> say I wanted to grant an unprivileged userA the ability to
>> systemctl start/stop/restart/reload foo.service
>> and only grant this for foo.service.
>> Is there a way to achieve that without resorting to using hacks like
>> sudo or a suid binary? From a cursory look, the existing PolicyKit
>> rules are too coarse grained for this.
>
> Correct. This is currently not supported. That said, we could open
> this up, as PolicyKit allows parameterizing actions. I'd be happy to
> take a patch for this, and I figure it wouldn't even be a particularly
> complex patch... (in lieu of a patch, submit a github RFE...)

Should not the solution for this be tied to the user and group field
mentioned in the unit so for example the postgresql type service unit
contains...
User=postgres
Group=postgres
Which would mean that the postgres user could start, stop, restart, reload
the postgresql.service as well as any user that has been added to the
postgres group?
JBG