Is it possible to use granular systemd permissions within policykit?

Solution Verified - Updated -

Issue

  • In order to control services we need to grant the users access using polkit. We don't want to grant permissions to users using sudo. How can we use rules like the following in RHEL 7?
 polkit.addRule(function(action, subject) {
     var debug = true;
     if (action.id == "org.freedesktop.systemd1.manage-units" &&
         action.lookup("unit") == "<unit>" &&
         action.lookup("verb") == "<action>" &&
         subject.user == "<user>") {
         return polkit.Result.YES;
     }
 });

Environment

  • Red Hat Enterprise Linux 7
    • systemd
    • polkit

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In