Hacker News new | ask | show | jobs
by GoblinSlayer 1969 days ago
I want to start and stop a couple of systemd services remotely. Currently I expose the command with sudo and run it under a remotely connected user. What are other options?
2 comments
Spivak 1956 days ago
You don't actually have to be root at all to manage systemd services. If you give the user `org.freedesktop.systemd1.manage-units` in Polkit then they can just run systemctl as their user and it will work.

If you only want to allow specific units the authorizer is passed the unit under `action.lookup("unit")`.

link
ktpsns 1969 days ago
In your case either use plain /sbin/su: https://man7.org/linux/man-pages/man1/su.1.html or login via root. Your use case sounds very sudo-like, thought. Probably stick to sudo.
link
GoblinSlayer 1969 days ago
It's a batch job. Ah, I see it mentions runuser, will check it.
link