My pkaction version is 0.112
I have a service that lives in the root directory, and I want to give the user group admin permission to run it.
The service exists in /root/home/custom_service/service.service
I tried chgrp admin ./home/custom_service/ then chmod g+rx ./home/custom_service/
When I check the permissions with ls -l ./home/custom_service/ I get -rw-r-xr-- 1 root admin 449 May 30 11:23 service.service
When I try and run the service from my testUsr account (which is in the group admin) this is the result:
I ran:
systemctl start service.service
Result:
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: scarycall
Password:
polkit-agent-helper-1: pam_authenticate failed: Permission denied
==== AUTHENTICATION FAILED ===
Failed to start service.service: Access denied
See system logs and 'systemctl status service.service' for details.
Note: I am able to run the service from root.
So I enabled a polkit rule as follows
// vi: ft=javascript
// Allow user in admin group to manage specific systemd units
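// Compatibility shim for Array.prototype.includes, presumably needed because
// the JavaScript engine embedded in this polkit build does not provide it.
//
// NOTE(review): rules files are believed to share one JavaScript context in
// polkitd, so a change to Array.prototype is visible to every other rule.
// The shim is therefore installed only when the method is missing, and as a
// non-enumerable property so that `for (k in someArray)` loops in other rules
// do not start seeing an extra "includes" key.
if (typeof Array.prototype.includes !== "function") {
    Object.defineProperty(Array.prototype, "includes", {
        // Strict-equality membership test; returns true on the first match.
        value: function(variable) {
            for (var i = 0; i < this.length; i++) {
                if (this[i] === variable) {
                    return true;
                }
            }
            return false;
        },
        writable: true,
        configurable: true,
        enumerable: false
    });
}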
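polkit.addRule(function(action, subject) {
    // Allow-list for this rule: every condition below must match before the
    // request is approved without authentication.
    var allowed = {
        units: [
            "service.service"
        ],
        // systemctl start/stop/restart is authorised under "manage-units"
        // (the action named in the authentication prompt), whereas
        // "manage-unit-files" covers enabling and disabling unit files.
        // With the latter listed here the rule could never match a start.
        actions: [
            "org.freedesktop.systemd1.manage-units"
        ],
        verbs: [
            "start", "stop", "restart"
        ]
    };

    // Local membership test so the rule does not depend on a patched
    // Array.prototype; indexOf compares with strict equality.
    function listed(list, value) {
        return list.indexOf(value) !== -1;
    }

    // Older systemd releases do not pass the "unit" and "verb" details, in
    // which case lookup() yields no value and the rule declines to decide.
    // Keep it that way: dropping the unit check to make the rule "work"
    // would let the whole group manage every unit on the system.
    var unit_name = action.lookup("unit");
    var verb = action.lookup("verb");

    if (listed(allowed.actions, action.id) &&
        listed(allowed.units, unit_name) &&
        listed(allowed.verbs, verb) &&
        subject.isInGroup("admin")
    ) {
        return polkit.Result.YES;
    }

    // Anything else falls through to later rules and the default policy.
    return polkit.Result.NOT_HANDLED;
});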
This is saved at /etc/polkit-1/rules.d/60-service.rules
This rule did not work: when I reran `systemctl start service.service`, I still got the result listed above.
UPDATE: The systemd version on the system I am running is too old to provide the unit and verb details of the action, so I had to use sudo permissions instead.