Don't ask for password when the command is allowed by sudo #7

Open
marcelopbarros opened this issue Jan 15, 2022 · 2 comments · May be fixed by #8
Labels
enhancement New feature or request

Comments

@marcelopbarros

Hi! I'd like to suggest an improvement where the extensions don't ask for permission/password for commands that are already allowed by sudo.

I know there is a way to achieve that by pkexec and the policy file org.freedesktop.policykit.pkexec.systemctl.policy, but I think there are a couple of reasons to allow the same behaviour using sudo.

First is verbosity. The file used to configure pkexec is a huge and verbose XML. Second is granularity. As far as I know, there is no way to specify which services are allowed to change without a password.

The same behaviour can be achieved by putting this small piece of code in /etc/sudoers.d/systemctl, for example. It's clear, concise and it has exactly the commands it's allowed.

username ALL=NOPASSWD: /usr/bin/systemctl start docker.service --system
username ALL=NOPASSWD: /usr/bin/systemctl stop docker.service --system
username ALL=NOPASSWD: /usr/bin/systemctl restart docker.service --system

Thank you for all the work done. I'm using this extension and it's great!

@marcelopbarros marcelopbarros linked a pull request Jan 15, 2022 that will close this issue
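
An added example, not part of the original issue or the extension's code: a small Python audit of a sudoers drop-in like the one proposed above, flagging passwordless rules that grant more than one exact command line. The sample file and the function name `audit_sudoers` are constructed for illustration, and only single-line user specifications are read.

```python
import re

# Constructed sample of /etc/sudoers.d/systemctl: the first three rules are
# the ones from the issue, the last three are over-broad variants for contrast.
SAMPLE = """\
# passwordless docker.service control
username ALL=NOPASSWD: /usr/bin/systemctl start docker.service --system
username ALL=NOPASSWD: /usr/bin/systemctl stop docker.service --system
username ALL=NOPASSWD: /usr/bin/systemctl restart docker.service --system
username ALL=NOPASSWD: /usr/bin/systemctl
username ALL=(root) NOPASSWD: /usr/bin/systemctl restart *
username ALL=NOPASSWD: ALL
"""

SPEC = re.compile(r"^\S+\s+[^\s=]+\s*=\s*(.+)$")  # user host = command list
PREFIX = re.compile(r"^(?:\([^)]*\)\s*)?((?:[A-Z_]+:\s*)*)(.*)$")  # (runas) TAG: cmd


def audit_sudoers(text):
    """Return [(line_no, command, problem)] for NOPASSWD rules that are wider
    than one exact command line (no aliases, Defaults or line continuations)."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = SPEC.match(line.strip())
        if not m or line.lstrip().startswith(("#", "Defaults")):
            continue
        nopasswd = False
        for item in re.split(r"(?<!\\),", m.group(1)):
            tags, cmd = PREFIX.match(item.strip()).groups()
            for tag in re.findall(r"[A-Z_]+", tags):
                if tag in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag == "NOPASSWD"  # tag carries over to later commands
            if not nopasswd:
                continue
            path, _, args = cmd.partition(" ")
            if path == "ALL":
                findings.append((no, cmd, "any command runs without a password"))
            elif not path.startswith("/"):
                findings.append((no, cmd, "not an absolute path"))
            elif not args:
                findings.append((no, cmd, "no arguments listed, so any arguments match"))
            elif re.search(r"[*?\[]", args):
                findings.append((no, cmd, "wildcard in arguments matches across words"))
    return findings


if __name__ == "__main__":
    for no, cmd, problem in audit_sudoers(SAMPLE):
        print(f"line {no}: {cmd!r}: {problem}")
```

sudo matches listed arguments exactly, so the first three rules apply only when `systemctl` is invoked with those arguments in that order.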
@marcelopbarros
Author

I submitted a PR with a solution I've been testing for a few weeks now. I hope it helps!

@marcelopbarros
Author

I've just looked at @hashworks' PR solution to configure rules granularity. Nice job.

But I still think it'd be nice to accept sudo as an alternative.

@jonian jonian added the enhancement New feature or request label Jul 9, 2024
2 participants