• 68046

    文章

  • 643

    评论

  • 65

    友链

  • 最近新加了换肤功能,大家多来逛逛吧~~~~
  • 喜欢这个网站的朋友可以加一下QQ群,我们一起交流技术。

debian下普通用户操作systemd服务

撸了今年阿里、腾讯和美团的面试,我有一个重要发现.......>>

问题描述:
使用普通账号test通过systemctl启动系统服务提示需要输入root密码:

解决方案:
根据上面提示得知权限由polkit进行管理,对应的是org.freedesktop.systemd1.policy这个配置文件下的manae-units动作

进入/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy,

将对应manae-units的defaults中的授权全部改为yes,然后执行systemctl restart polkit重启polkit

<defaults>
        <allow_any>yes</allow_any>
        <allow_inactive>yes</allow_inactive>
        <allow_active>yes</allow_active>
</defaults>


下图为权限可选的配置参数 

defaults

This element is used to specify implicit authorizations for clients. Elements that can be used inside defaults include:

allow_any

Implicit authorizations that apply to any client. Optional.

allow_inactive

Implicit authorizations that apply to clients in inactive sessions on local consoles. Optional.

allow_active

Implicit authorizations that apply to clients in active sessions on local consoles. Optional.

Each of the allow_any, allow_inactive and allow_active elements can contain the following values:

no

Not authorized.

yes

Authorized.

auth_self

Authentication by the owner of the session that the client originates from is required. Note that this is not restrictive enough for most uses on multi-user systems; auth_admin* is generally recommended.

auth_admin

Authentication by an administrative user is required.

auth_self_keep

Like auth_self but the authorization is kept for a brief period (e.g. five minutes). The warning about auth_self above applies likewise.

auth_admin_keep

Like auth_admin but the authorization is kept for a brief period (e.g. five minutes).


 转载至链接:https://my.oschina.net/yehun/blog/3109086。

695856371Web网页设计师②群 | 喜欢本站的朋友可以收藏本站,或者加入我们大家一起来交流技术!

欢迎来到梁钟霖个人博客网站。本个人博客网站提供最新的站长新闻,各种互联网资讯。 还提供个人博客模板,最新最全的java教程,java面试题。在此我将尽我最大所能将此个人博客网站做的最好! 谢谢大家,愿大家一起进步!

转载原创文章请注明出处,转载至: 梁钟霖个人博客www.liangzl.com

0条评论

Loading...


发表评论

电子邮件地址不会被公开。 必填项已用*标注

自定义皮肤
注册梁钟霖个人博客