[Nix-dev] Setuid wrapper for bash script

Daniel Hlynskyi abcz2.uprola at gmail.com
Wed Sep 14 19:29:54 CEST 2016


Hi. I want to allow some user to restart a systemd service. I found that
setuid wrappers should be used for this task. Here is what I've written:

  environment.systemPackages = [
    (pkgs.writeScriptBin "restart-defenders" ''
        #!${pkgs.bash}/bin/bash
        systemctl restart defenders.service
     '')
  ];

  security.setuidPrograms = [ "restart-defenders" ];

The file was created:

# ls -la /var/setuid-wrappers/restart-defenders
-r-s--x--x 1 root root 12856 Sep 14 17:17 /var/setuid-wrappers/restart-defenders

But when running as a normal user I get:

$ restart-defenders
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'defenders.service'.
Multiple identities can be used for authentication:
 1.  System administrator (root)
 2: ...

What am I doing wrong?