Let normal user restart service with /etc/sudoers

I have a service (kado-demo.service) that a normal user (kado) should be able to restart without entering any password.

I created /etc/sudoers.d/user_restart and added

kado ALL=NOPASSWD: /bin/systemctl restart kado-demo.service

Permissions:

-r--r-----   1 root root   585 Mar  5 10:47 user_restart

As user k, I now should be able to execute the given command, but this happens:

/bin/systemctl restart kado-demo.service
 ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
 Authentication is required to restart 'kado-demo.service'. 
 Multiple identities can be used for authentication:
  (...)

Which is the same result as before I added the file.

The /etc/sudoers contains

#includedir /etc/sudoers.d

And I even get the same result when I add the content of the user_restart file directly to /etc/sudoers.

I'm running out of ideas...


Solution 1:

For sudoers to take effect, you actually have to use sudo. :) Do:

sudo systemctl restart kado-demo.service

And it won't ask for a password.

If you don't use sudo, systemctl falls back to using Polkit for authorization.
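
The Polkit path mentioned above can also be configured directly. The following is an added example, not part of the original answer: a Polkit rule that lets user kado restart only kado-demo.service without sudo. It assumes a polkit version with JavaScript rules (0.106 or later) and systemd 226 or later, which passes "unit" and "verb" to Polkit; the file name, the `kadoDemoRule` and `fakeAction` names, and the Node stand-in for `polkit` are hypothetical.

```javascript
// Added example: /etc/polkit-1/rules.d/50-kado-demo-restart.rules (hypothetical name).
// polkitd evaluates rules files as JavaScript. The stand-in below exists only so
// the same logic can be exercised under Node, outside polkitd.
if (typeof polkit === "undefined") {
    var polkit = {
        Result: { YES: "yes" },
        rules: [],
        addRule: function (fn) { this.rules.push(fn); }
    };
}

// The single user/unit/verb combination that is allowed without authentication.
var ALLOWED = { user: "kado", unit: "kado-demo.service", verbs: ["restart"] };

// Returns polkit.Result.YES only for an exact match. Anything else returns
// undefined, so later rules and the default "authentication required" policy
// still apply.
function kadoDemoRule(action, subject) {
    if (action.id !== "org.freedesktop.systemd1.manage-units") {
        return undefined;
    }
    // systemd supplies these as action details (assumption: systemd 226+).
    var unit = action.lookup("unit");
    var verb = action.lookup("verb");
    if (subject.user === ALLOWED.user &&
        unit === ALLOWED.unit &&
        ALLOWED.verbs.indexOf(verb) !== -1) {
        return polkit.Result.YES;
    }
    return undefined;
}

polkit.addRule(kadoDemoRule);

// Constructed request object for checking the rule outside polkitd.
function fakeAction(unit, verb, id) {
    var details = { unit: unit, verb: verb };
    return {
        id: id || "org.freedesktop.systemd1.manage-units",
        lookup: function (key) { return details[key]; }
    };
}
```

Matching on unit, verb and user together keeps the grant as narrow as the sudoers line in the question; dropping any of the three checks widens it to other units, other operations or other users.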

Solution 2:

To let any regular user start or restart a service:

sudo visudo 

userB ALL=NOPASSWD: /bin/systemctl restart serviceA.service, /bin/systemctl stop serviceA.service, /bin/systemctl start serviceA.service, /bin/systemctl status serviceA.service