Damien LEFEVRE
2021-04-06 13:21:32 UTC
Hi,
I have an embedded device and I do not install sudo. I need to have a
non-root running the main service capable of changing the hostname.
After spending a long afternoon on this I still have not managed.
Here i've tried adding my new user but only read-only requests go through
/usr/share/dbus-1/system.d/org.freedesktop.hostname1.conf
```xml
<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration
1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!--
SPDX-License-Identifier: LGPL-2.1+
This file is part of systemd.
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
-->
<busconfig>
<policy user="root">
<allow own="org.freedesktop.hostname1"/>
<allow send_destination="org.freedesktop.hostname1"/>
<allow receive_sender="org.freedesktop.hostname1"/>
</policy>
<policy user="myuser">
<!--<allow own="org.freedesktop.hostname1"/>-->
<allow send_destination="org.freedesktop.hostname1"/>
<allow receive_sender="org.freedesktop.hostname1"/>
</policy>
<policy context="default">
<allow send_destination="org.freedesktop.hostname1"/>
<allow receive_sender="org.freedesktop.hostname1"/>
</policy>
</busconfig>
```
/usr/share/polkit-1/actions/org.freedesktop.hostname1.policy
```xml
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy
Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<!--
SPDX-License-Identifier: LGPL-2.1+
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
-->
<policyconfig>
<vendor>The systemd Project</vendor>
<vendor_url>http://www.freedesktop.org/wiki/Software/systemd
</vendor_url>
<action id="org.freedesktop.hostname1.set-hostname">
<description gettext-domain="systemd">Set host
name</description>
<message gettext-domain="systemd">Authentication is
required to set the local host name.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.hostname1.set-static-hostname">
<description gettext-domain="systemd">Set static host
name</description>
<message gettext-domain="systemd">Authentication is
required to set the statically configured local host name, as well as the
pretty host name.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate
key="org.freedesktop.policykit.imply">org.freedesktop.hostname1.set-hostname
org.freedesktop.hostname1.set-machine-info</annotate>
</action>
<action id="org.freedesktop.hostname1.set-machine-info">
<description gettext-domain="systemd">Set machine
information</description>
<message gettext-domain="systemd">Authentication is
required to set local machine information.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.hostname1.get-product-uuid">
<description gettext-domain="systemd">Get product
UUID</description>
<message gettext-domain="systemd">Authentication is
required to get product UUID.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
</policyconfig>
```
Despite all my attempts I always get 'Could not set property: Access
denied' for hostnamectl set-hostname
And get the 'org.freedesktop.DBus.Error.AccessDenied' in dbus-monitor
method call time=1617739342.317948 sender=:1.23 ->
destination=org.freedesktop.hostname1 serial=3
path=/org/freedesktop/hostname1; interface=org.freedesktop.hostname1;
member=SetStaticHostname
string "blabla"
boolean true
...
error time=1617739342.320289 sender=:1.24 -> destination=:1.23
error_name=org.freedesktop.DBus.Error.AccessDenied reply_serial=3
string "Permission denied"
Any help would be greatly appreciated =)
-Damien
I have an embedded device and I do not install sudo. I need to have a
non-root running the main service capable of changing the hostname.
After spending a long afternoon on this I still have not managed.
Here i've tried adding my new user but only read-only requests go through
/usr/share/dbus-1/system.d/org.freedesktop.hostname1.conf
```xml
<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration
1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!--
SPDX-License-Identifier: LGPL-2.1+
This file is part of systemd.
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
-->
<busconfig>
<policy user="root">
<allow own="org.freedesktop.hostname1"/>
<allow send_destination="org.freedesktop.hostname1"/>
<allow receive_sender="org.freedesktop.hostname1"/>
</policy>
<policy user="myuser">
<!--<allow own="org.freedesktop.hostname1"/>-->
<allow send_destination="org.freedesktop.hostname1"/>
<allow receive_sender="org.freedesktop.hostname1"/>
</policy>
<policy context="default">
<allow send_destination="org.freedesktop.hostname1"/>
<allow receive_sender="org.freedesktop.hostname1"/>
</policy>
</busconfig>
```
/usr/share/polkit-1/actions/org.freedesktop.hostname1.policy
```xml
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy
Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<!--
SPDX-License-Identifier: LGPL-2.1+
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
-->
<policyconfig>
<vendor>The systemd Project</vendor>
<vendor_url>http://www.freedesktop.org/wiki/Software/systemd
</vendor_url>
<action id="org.freedesktop.hostname1.set-hostname">
<description gettext-domain="systemd">Set host
name</description>
<message gettext-domain="systemd">Authentication is
required to set the local host name.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.hostname1.set-static-hostname">
<description gettext-domain="systemd">Set static host
name</description>
<message gettext-domain="systemd">Authentication is
required to set the statically configured local host name, as well as the
pretty host name.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate
key="org.freedesktop.policykit.imply">org.freedesktop.hostname1.set-hostname
org.freedesktop.hostname1.set-machine-info</annotate>
</action>
<action id="org.freedesktop.hostname1.set-machine-info">
<description gettext-domain="systemd">Set machine
information</description>
<message gettext-domain="systemd">Authentication is
required to set local machine information.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.hostname1.get-product-uuid">
<description gettext-domain="systemd">Get product
UUID</description>
<message gettext-domain="systemd">Authentication is
required to get product UUID.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
</policyconfig>
```
Despite all my attempts I always get 'Could not set property: Access
denied' for hostnamectl set-hostname
And get the 'org.freedesktop.DBus.Error.AccessDenied' in dbus-monitor
method call time=1617739342.317948 sender=:1.23 ->
destination=org.freedesktop.hostname1 serial=3
path=/org/freedesktop/hostname1; interface=org.freedesktop.hostname1;
member=SetStaticHostname
string "blabla"
boolean true
...
error time=1617739342.320289 sender=:1.24 -> destination=:1.23
error_name=org.freedesktop.DBus.Error.AccessDenied reply_serial=3
string "Permission denied"
Any help would be greatly appreciated =)
-Damien