[Nix-dev] Setuid wrapper for bash script

Alexander Ried groxxda at gmail.com
Wed Sep 14 21:15:24 CEST 2016


Hi. You could also consider writing a polkit rule or using sudo.

> On 14 Sep 2016, at 19:29, Daniel Hlynskyi <abcz2.uprola at gmail.com> wrote:
> 
> Hi. I want to allow some user to restart systemd service. I found that setuid wrappers should be used for this task. Here is what I've written:
> 
>   environment.systemPackages = [
>     (pkgs.writeScriptBin "restart-defenders" ''
>         #!${pkgs.bash}/bin/bash
>         systemctl restart defenders.service
>      '')
>   ];
>   
>   security.setuidPrograms = [ "restart-defenders" ];
> 
> File was created
> 
> # ls -la /var/setuid-wrappers/restart-defenders
> -r-s--x--x 1 root root 12856 Sep 14 17:17 /var/setuid-wrappers/restart-defenders
> 
> But when running as normal user I get
> 
> $ restart-defenders
> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
> Authentication is required to restart 'defenders.service'.
> Multiple identities can be used for authentication:
>  1.  System administrator (root)
>  2: ...
> 
> What am I doing wrong?
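
One way to write the polkit rule suggested in the reply, as an added example that is not part of the original thread. It grants only the restart of defenders.service, under the action id shown in the authentication prompt, to a single account. Assumptions: the account name `alice` is hypothetical, and the `polkit` stand-in and `simulate` helper are constructed so the rule can be exercised under Node without polkitd.

```javascript
// Added example. ALLOWED_USER is a hypothetical account name.
var ALLOWED_USER = "alice";
var UNIT = "defenders.service";
var ACTION_ID = "org.freedesktop.systemd1.manage-units";

// Stand-in for the `polkit` global that polkitd provides, so this file
// also runs under Node for testing. Not needed in the deployed rule.
if (typeof polkit === "undefined") {
  globalThis.polkit = {
    Result: { YES: "yes" },
    rules: [],
    addRule: function (fn) { this.rules.push(fn); }
  };
}

// The rule itself: allow only "restart" of one unit for one user.
// systemd 226 and later pass the `unit` and `verb` details with this action.
// Returning nothing leaves the decision to later rules and the default
// policy, which is the authentication prompt seen in the question.
function restartDefendersRule(action, subject) {
  if (action.id === ACTION_ID &&
      action.lookup("unit") === UNIT &&
      action.lookup("verb") === "restart" &&
      subject.user === ALLOWED_USER) {
    return polkit.Result.YES;
  }
}
polkit.addRule(restartDefendersRule);

// Constructed request for exercising the rule outside polkitd.
function simulate(user, unit, verb, actionId) {
  var details = { unit: unit, verb: verb };
  var action = {
    id: actionId || ACTION_ID,
    lookup: function (key) { return details[key]; }
  };
  return restartDefendersRule(action, { user: user });
}
```

On NixOS the rule function and the `polkit.addRule` call can be placed in `security.polkit.extraConfig`; the stand-in and `simulate` are only for running the check under Node.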

