You are not logged in.
For security reasons, I want to deny access to system executables (like systemctl) by creating a adminusers group and setting owner info root:adminusers and permissions to 750. May that cause a problem, like pacman errors about permissions.
Offline
systemctl requires elevated permissions. Can't you just change the root password and not share it with anyone. Oh and don't provide NOPASSWD sudo access to any user that you don't want messing with the system.
There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !
Offline
Try that:
systemctl reboot
It can be done by non-root user. Of course I've a strong pass and sudo access for only wheel members
Last edited by 6ng4n (2013-03-23 22:53:48)
Offline
That should not be a problem, https://wiki.archlinux.org/index.php/Sy … management
If it is, you may just start an additional session.
There may be better solutions but I haven't checked, since I don't need that feature right now.
Last edited by cookies (2013-03-23 23:28:38)
Offline
Try that:
systemctl reboot
It can be done by non-root user. Of course I've a strong pass and sudo access for only wheel members
Even if you change the permissions of the executable the user would still be able to reboot by sending the corresponding dbus signal. The right approach in this case would be to write a polkit rule to not allow the corresponding logind action.
$ man polkit
$ pkaction | grep login1
Offline
Try that:
systemctl reboot
It can be done by non-root user. Of course I've a strong pass and sudo access for only wheel members
So you don't even want people to reboot their machines ?
There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !
Offline
Yes I want only root to reboot machine. (Wheel members too, for sure)
Offline