
List:       systemd-devel
Subject:    Re: [systemd-devel] Run reboot as normal user
From:       Colin Guthrie <gmane () colin ! guthr ! ie>
Date:       2021-11-30 10:47:35
Message-ID: so4vg8$dhk$1 () ciao ! gmane ! io

Mohamed Ali Fodha wrote on 30/11/2021 10:35:
> Thank you for the answers. I am working on an embedded system and 
> polkit is not installed (not enabled at all in the yocto build).
> I have a systemd service that runs as a normal user and for some use cases 
> it requires doing a reboot.
> I simulate it just for now as a dbus-send as shown below (just for debug; 
> dbus-send will be replaced by a binary which will do the reboot).
> Previously the guest user was in sudoers (so to run reboot the systemd 
> service uses "sudo"), but now our customer wants to remove the guest 
> user from sudoers.
> Adding capabilities doesn't give me the required permissions.
> 
> [Service]
> User=guest
> ExecStart=dbus-send --system --print-reply --dest=org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager.StartUnit string:reboot.target string:replace-irreversibly
> AmbientCapabilities=CAP_SYS_BOOT CAP_SYS_ADMIN
> CapabilityBoundingSet=CAP_SYS_BOOT CAP_SYS_ADMIN
> 
> [Install]
> WantedBy=multi-user.target

If you will have a binary to do the commands then you should just do 
that. It has to be a proper compiled binary (e.g. a simple C program).

Make sure the binary is owned by root and group-owned by the same group 
as your user (hopefully it has a private group) with group r+x 
permission. "Other" should be nothing to prevent abuse. Make sure the 
binary is marked as setuid.

In the binary, ensure you call the appropriate commands to obtain root 
privs (setruid()/setuid() etc. - can't remember off hand what to use)

Then simply exec out to "systemctl reboot".

That way although your user calls the binary, the binary then has 
permission to become root and then "talk" to systemd to tell it to issue 
the reboot.

Capabilities shouldn't come into it, I don't think, as all you're doing is 
talking to systemd, which does all the grunt work.

HTHs

Col


-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
   Tribalogic Limited http://www.tribalogic.net/
Open Source:
   Mageia Contributor http://www.mageia.org/
   PulseAudio Hacker http://www.pulseaudio.org/
   Trac Hacker http://trac.edgewall.org/
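The setuid wrapper Colin describes, written out as an added example (this is not code from the thread or from systemd). It assumes the binary is installed as root:guest with mode 4750, that guest's private group has the hypothetical gid 1000, and that systemctl lives at /bin/systemctl on the target; adjust all three for the real image. The argument vector and environment handed to systemctl are fixed constants rather than anything derived from the caller, which is the main thing that keeps a setuid wrapper like this from becoming a privilege-escalation path.

```c
/* reboot-wrapper.c: setuid-root wrapper that asks systemd to reboot.
 *
 * Added example for the thread above, not the project's code. Assumes:
 *   install: chown root:guest reboot-wrapper && chmod 4750 reboot-wrapper
 *   ALLOWED_GID: guest's private group (hypothetical value 1000)
 *   SYSTEMCTL:   path of systemctl on the target image (assumed)
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SYSTEMCTL   "/bin/systemctl"
#define ALLOWED_GID ((gid_t)1000)   /* hypothetical gid of the guest group */

/* Fixed environment for the child. A setuid program must not pass on the
 * caller's environment: the kernel strips LD_* on a setuid exec, but PATH
 * and everything else would otherwise be attacker-controlled. */
static char *const clean_env[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin",
    NULL
};

/* Fixed command line. Nothing from argv[] of the wrapper is ever forwarded,
 * so the caller cannot turn "systemctl reboot" into some other action. */
static char *const reboot_argv[] = { "systemctl", "reboot", NULL };

/* 0 if the caller's real gid is the group the binary is meant for, -1 otherwise.
 * The 4750 mode already enforces this at exec time; the check is cheap
 * defence in depth in case someone later loosens the file mode. */
int caller_is_allowed(gid_t real_gid, gid_t allowed_gid)
{
    return real_gid == allowed_gid ? 0 : -1;
}

/* The setuid bit only gives us effective uid 0; make real and saved ids 0
 * too so systemctl runs fully as root and cannot be switched back to the
 * caller. Returns 0 on success, -1 (errno set) on failure. */
int become_root(void)
{
    if (geteuid() != 0) {
        errno = EPERM;          /* setuid bit missing, or nosuid mount */
        return -1;
    }
    if (setresgid(0, 0, 0) != 0)
        return -1;
    if (setresuid(0, 0, 0) != 0)
        return -1;
    /* Never trust a privilege change without re-reading the ids. */
    if (getuid() != 0 || geteuid() != 0 || getgid() != 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    if (caller_is_allowed(getgid(), ALLOWED_GID) != 0) {
        fprintf(stderr, "reboot-wrapper: caller is not in the allowed group\n");
        return 1;
    }
    if (become_root() != 0) {
        fprintf(stderr, "reboot-wrapper: cannot become root: %s\n",
                strerror(errno));
        return 1;
    }
    /* Absolute path, fixed argv, fixed env: systemd does the rest. */
    execve(SYSTEMCTL, reboot_argv, clean_env);
    fprintf(stderr, "reboot-wrapper: execve %s: %s\n", SYSTEMCTL,
            strerror(errno));
    return 1;
}
```

The service then becomes `User=guest` plus `ExecStart=/usr/local/bin/reboot-wrapper` (path assumed), with the AmbientCapabilities and CapabilityBoundingSet lines from the quoted unit dropped, since the wrapper relies on the setuid bit rather than on capabilities. One caveat to check on the target: the service must not carry `NoNewPrivileges=yes`, and the filesystem holding the wrapper must not be mounted `nosuid`, because either makes the kernel ignore the setuid bit and become_root() will fail with EPERM.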
