Is it possible to use granular systemd permissions within policykit?
Issue
- In order to control services we need to grant the users access using polkit. We don't want to grant permissions to users using sudo. How can we use rules like the following in RHEL 7?
polkit.addRule(function(action, subject) {
var debug = true;
if (action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "<unit>" &&
action.lookup("verb") == "<action>" &&
subject.user == "<user>") {
return polkit.Result.YES;
}
});
Environment
- Red Hat Enterprise Linux 7
- systemd
- polkit
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.