Let normal user restart service with /etc/sudoers
15,135
Solution 1
For sudoers
to take effect, you actually have to use sudo
. :) Do:
sudo systemctl restart kado-demo.service
And it won't ask for a password.
If you don't use sudo
, systemctl
falls back to using Polkit for authorization.
Solution 2
to let any regular user start
or restart
service :
sudo visudo
userB ALL=NOPASSWD: /bin/systemctl restart serviceA.service, /bin/systemctl stop serviceA.service, /bin/systemctl start serviceA.service, /bin/systemctl status serviceA.service
Related videos on Youtube
Author by
FooTheBar
Updated on September 18, 2022Comments
-
FooTheBar over 1 year
I have a service (
kado-demo.service
) that a normal user (kado
) should be able to restart without entering any password.I created
/etc/sudoers.d/user_restart
and addedkado ALL=NOPASSWD: /bin/systemctl restart kado-demo.service
Permissions:
-r--r----- 1 root root 585 Mar 5 10:47 user_restart
As user k, I now should be able to execute the given command, but this happens:
/bin/systemctl restart kado-demo.service ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units === Authentication is required to restart 'kado-demo.service'. Multiple identities can be used for authentication: (...)
Which is the same result as before I added the file.
The
/etc/sudoers
contains#includedir /etc/sudoers.d
And I even get the same result when I add content of the
user_restart
file directly to/etc/sudoers
.I'm running out of ideas...
-
Jesse Adelman about 6 yearsJust curious - how did you know that systemctl falls back to using Polkit? Is that in a doc, or in a configuration file somewhere?
-
Olorin about 6 yearsI don't know where it's documented (it probably is documented somewhere), but the prompt in the question is a Polkit prompt: it will generate polkit log messages, and will seamlessly use a GUI prompt if a GUI polkit authentication agent is active (like it usually is on Ubuntu).
-
Elder Geek over 4 yearsWelcome to AskUbuntu! At first glance it would appear that this would allow any user in the sudo group to start or restart a service. I believe the accepted answer is far more accurate. Cheers!
-
doneal24 over 4 years@ElderGeek This allows specifically the user
userB
to restart the service. It does not reference thesudo
group at all. -
Elder Geek over 4 yearsvisudo — edit the sudoers file. See man visudo.