The permission is granted at the first entry to match. This one shows what I suspect to be the ‘wheel’ entry before the custom entries, so it would always require the password. If so then any command that does not ‘exactly’ match the specialized command for that user will fall over to the next available option and since a wheel member is required to enter the password now the password is required. Is martin a member of the wheel group? That line above seems to indicate the possibility. Jun 18 16:29:27 fc36 sktop:900 can't attach SoftHdDevice not detached Jun 18 16:29:27 fc36 sktop: access control disabled, clients can connect from any host See journalctl -b Jun 18 16:29:27 fc36 polkitd: :3: action= home/martin/scripts/vdr/vdr_start_stop start + attaīut when selecting the desktop icons the plugin is not dettached and no X-Window opens. Running the commands on console, all is working /home/martin/scripts/vdr/vdr_start_stop start + deta With the main polkit rule you mentioned the commands are working on console, but not with Icon=/home/martin/scripts/vdr/softhddevice.pngĬomment=attach ~]$ cat -v /home/martin/desktop/stop\ VDR.desktopĮxec=/home/martin/scripts/vdr/vdr_start_stop stop + detaĬomment=vdr ~]$ cat -v /home/martin/scripts/vdr/vdr_start_stop If I now want to control the call via polkit then it will probably be very long or what do you think ? ~]$ cat -v /home/martin/Desktop/Start\ VDR.desktopĮxec=/home/martin/scripts/vdr/vdr_start_stop start + detaĮxec=/home/martin/scripts/vdr/vdr_start_stop start + atta The reason for my request is that I want to wake up my Video Disk Recorder (VDR) from sleep (suspend mode) via a desktop script.įor this I made the desktop icons visible again under Fedora 36 and created 2 desktop scripts (Start\ VDR.desktop + Stop\ VDR.desktop) and another script (vdr_start_stop). Password request as user martin: ~]$ /usr/bin/systemctl stop vdr (ALL) NOPASSWD: /usr/bin/systemctl stop vdr Secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/var/lib/snapd/snap/bin !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",Įnv_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", The following sudoers rules are read from the /etc/sudoers file: ~]$ sudo -l -U martin See system logs and 'systemctl status vdr.service' for details.Ĭreated the custom sudoers rule as mentioned in /etc/sudoers.d directory, but it still asks for the password. vdr]$ systemctl stop vdrįailed to stop vdr.service: Access denied (ALL) NOPASSWD: /usr/bin/systemctl stop vdr.serviceīut when I want to stop the service I am asked to enter the password. User martin may run the following commands on fc36: LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/var/lib/snapd/snap/bin !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME Matching Defaults entries for martin on fc36: The user martin may run the following commands: vdr]$ sudo -l -U martin # Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) # Allows members of the users group to shutdown this system # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom # Allows members of the users group to mount and unmount the # Allows people in group wheel to run all commands # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS # Allows members of the 'sys' group to run networking, software, Martin ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop vdr.service Martin ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop vdr.service # Allow root to run any commands anywhere I would like to stop a service as user martin without having to enter the password each time.įor this I have entered the following line in the file /etc/sudoers:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |