CentOS7下普通賬號通過systemctl管理服務需要輸入root密碼問題
問題描述:
使用普通賬號test通過systemctl啟動系統服務提示需要輸入root密碼:
解決方案:
根據上面提示得知許可權由polkit進行管理,對應的是org.freedesktop.systemd1.policy這個配置檔案下的manae-units動作
進入/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy,將對應manae-units的defaults中的授權全部改為yes,然後執行systemctl restart polkit重啟polkit
<action id="org.freedesktop.systemd1.manage-units">
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
下圖為許可權可選的配置引數:
defaults 選項
This element is used to specify implicit authorizations for clients. Elements that can be used inside defaults include:
allow_any: Implicit authorizations that apply to any client. Optional.
allow_inactive: Implicit authorizations that apply to clients in inactive sessions on local consoles. Optional.
allow_active: Implicit authorizations that apply to clients in active sessions on local consoles. Optional.
Each of the allow_any, allow_inactive and allow_active elements can contain the following values:
no: Not authorized.
yes: Authorized.
auth_self: Authentication by the owner of the session that the client originates from is required. Note that this is not restrictive enough for most uses on multi-user systems; auth_admin* is generally recommended.
auth_admin: Authentication by an administrative user is required.
auth_self_keep: Like auth_self but the authorization is kept for a brief period (e.g. five minutes). The warning about auth_self above applies likewise.
auth_admin_keep: Like auth_admin but the authorization is kept for a brief period (e.g. five minutes).