CentOS7下普通账号通过systemctl管理服务需要输入root密码问题

问题描述:

使用普通账号test通过systemctl启动系统服务提示需要输入root密码:

[test@host-192-168-65-94 data]$ systemctl restart nginx
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: root
Password: 

解决方案:

根据上面提示得知权限由polkit进行管理,对应的是org.freedesktop.systemd1.policy这个配置文件下的manae-units动作

进入/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy,将对应manae-unitsdefaults中的授权全部改为yes,然后执行systemctl restart polkit重启polkit

        <action id="org.freedesktop.systemd1.manage-units">
			------
			<defaults>
			<!--
			        <allow_any>auth_admin</allow_any>
                    <allow_inactive>auth_admin</allow_inactive>
                    <allow_active>auth_admin_keep</allow_active>
			-->
					<allow_any>yes</allow_any>
			        <allow_inactive>yes</allow_inactive>
			        <allow_active>yes</allow_active>
			 </defaults>
        </action>

权限可选的配置参数:

defaults 选项

This element is used to specify implicit authorizations for clients. Elements that can be used inside defaults include:

  • allow_any: Implicit authorizations that apply to any client. Optional.
  • allow_inactive: Implicit authorizations that apply to clients in inactive sessions on local consoles. Optional.
  • allow_active: Implicit authorizations that apply to clients in active sessions on local consoles. Optional.

Each of the allow_anyallow_inactive and allow_active elements can contain the following values:

  • no: Not authorized.
  • yes: Authorized.
  • auth_self: Authentication by the owner of the session that the client originates from is required. Note that this is not restrictive enough for most uses on multi-user systems; auth_admin* is generally recommended.
  • auth_admin: Authentication by an administrative user is required.
  • auth_self_keep: Like auth_self but the authorization is kept for a brief period (e.g. five minutes). The warning about auth_self above applies likewise.
  • auth_admin_keep: Like auth_admin but the authorization is kept for a brief period (e.g. five minutes).

版权声明:本文为作者原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

原创文章,作者:老C,如若转载,请注明出处:https://www.code404.icu/787.html

发表评论

登录后才能评论