Authorization not granted with 8cabb1183aea59ccff125d0e2367fe5c8ac50b62 and following #206

Closed
polkit-github-migration-bot opened this issue Sep 19, 2023 · 1 comment

Comments

@polkit-github-migration-bot

In gitlab.freedesktop.org by Atsutane on Sep 19, 2023, 16:21

Link to the original issue: https://gitlab.freedesktop.org/polkit/polkit/-/issues/205

Current behaviour, description of the problem

A non-root user is granted permissions to start, stop and restart a specific systemd service without an interactive password request for the root password. With the previously mentioned commit this no longer works and the password of root is requested.

Desired behaviour

The expected behavior would be rule-based authentication:

[testuser@host ~]$ systemctl start polkit_test.service ; echo $?
0
[testuser@host ~]$ 

What happens now is:

[testuser@host ~]$ systemctl start polkit_test.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
Authentication is required to start 'polkit_test.service'.
Authenticating as: root
Password: 

Reproducer

Create a simple service and define a rule which grants a non-root user permission to manage this without an interactive request for a password not related to this user.

cat >/etc/systemd/system/polkit_test.service <<EOF
[Unit]
Description=Start as non-root user with polkit rules granting permissions
 
[Service]
Type=oneshot
ExecStart=/bin/true
 
[Install]
WantedBy=multi-user.target
EOF


cat >/etc/polkit-1/rules.d/10-test.rules <<EOF
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units") {
        if (subject.user == "testuser" && action.lookup("unit") == "polkit_test.service"  &&
            (action.lookup("verb") == "restart" || action.lookup("verb") == "stop" || action.lookup("verb") == "start")) {
            return polkit.Result.YES;
        }
    }
});
EOF

# optional:
useradd -m testuser

Detailed description

[Version of polkit]: git based 8cabb11
[Version of OS]: Arch Linux
[Anything else related to the issue]: #
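
To check that the rule in the reproducer decides as intended independently of the daemon, this added example (not part of the original issue or of polkit's code) runs the same rule function against a small mock of `polkit.addRule` and `action.lookup`. The mock object, the `evaluate` and `decisionMatrix` helpers, the `auth_admin` fallback and the request tuples are assumptions constructed for illustration.

```javascript
// Mock of the rule-engine surface the rule uses. Assumption: rules run in the
// order they were added and the first one that returns a value decides.
const polkit = {
  Result: { NO: "no", YES: "yes", AUTH_ADMIN: "auth_admin" },
  _rules: [], // mock-only storage, not a real polkit property
  addRule(fn) { this._rules.push(fn); },
};

// The rule from the issue's 10-test.rules, logic unchanged.
polkit.addRule(function (action, subject) {
  if (action.id == "org.freedesktop.systemd1.manage-units") {
    if (subject.user == "testuser" && action.lookup("unit") == "polkit_test.service" &&
        (action.lookup("verb") == "restart" || action.lookup("verb") == "stop" ||
         action.lookup("verb") == "start")) {
      return polkit.Result.YES;
    }
  }
});

// Hypothetical helper: evaluate one request against the registered rules.
// implicitDefault stands in for the action's own policy default (assumed
// auth_admin here, consistent with the root password prompt in the report).
function evaluate(user, actionId, details, implicitDefault = polkit.Result.AUTH_ADMIN) {
  const action = { id: actionId, lookup: (key) => details[key] };
  const subject = { user: user };
  for (const rule of polkit._rules) {
    const result = rule(action, subject);
    if (result !== undefined && result !== null) return result;
  }
  return implicitDefault; // no rule answered: fall through to the default
}

const MANAGE = "org.freedesktop.systemd1.manage-units";

// Constructed requests: the three granted verbs, then near misses that must
// fall through (other verb, other unit, other user, other action, no details).
function decisionMatrix() {
  const cases = [
    ["testuser", MANAGE, { unit: "polkit_test.service", verb: "start" }],
    ["testuser", MANAGE, { unit: "polkit_test.service", verb: "stop" }],
    ["testuser", MANAGE, { unit: "polkit_test.service", verb: "restart" }],
    ["testuser", MANAGE, { unit: "polkit_test.service", verb: "reload" }],
    ["testuser", MANAGE, { unit: "sshd.service", verb: "start" }],
    ["otheruser", MANAGE, { unit: "polkit_test.service", verb: "start" }],
    ["testuser", "org.example.other-action", { unit: "polkit_test.service", verb: "start" }],
    ["testuser", MANAGE, {}],
  ];
  return cases.map(([user, id, details]) => evaluate(user, id, details));
}

console.log(decisionMatrix().join(" "));
```

A rule that passes this matrix but still triggers the password prompt on the host points at the daemon rather than the rule, which matches how this issue was resolved.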

@polkit-github-migration-bot

In gitlab.freedesktop.org by bluca on Oct 8, 2023, 20:32

Fixed by https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/197 and https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/193
