[SOLVED] systemctl instantly fails without asking for password

SunBlade · 2023-02-18 20:44:46

Hi, i have a very peculiar problem:

systemctl disable {any .service or .(auto)mount}

instantly fails with error: "Failed to disable unit: Access denied"
but...

systemctl {enable,start,stop} {any .service or .(auto)mount}

asks for root password, and then successfully finishes its job.

and when prefixed with sudo everything works as expected.
i am stumped, i honestly don't even know where to start my analysis.

i already tried rebooting and login with a new user.

$ uname -a
Linux GMonster 6.1.12-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Tue, 14 Feb 2023 22:08:11 +0000 x86_64 GNU/Linux
$ systemctl --version
systemd 253 (253-1-arch)
+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified

Last edited by SunBlade (2023-02-19 00:40:01)

seth · 2023-02-18 22:08:21

/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy - though org.freedesktop.systemd1.manage-unit-files should™ apply to either action.

asks for root password

How? On the terminal or does a dialog pop up?
Run "dbus-monitor --system" and in a second terminal try to dis- and enable a "service" (can be "systemctl disable gnarf" as long as you abort) and check the dbus traffic. Post it in doubt.

Brocellous · 2023-02-18 23:53:21

This is an apparent oversight by systemd — their dbus policy lacks permission for the user to make these requests. I reckon it should allow these:

diff --git a/src/core/org.freedesktop.systemd1.conf b/src/core/org.freedesktop.systemd1.conf
index 7f44c32b8395..52034e07e732 100644
--- a/src/core/org.freedesktop.systemd1.conf
+++ b/src/core/org.freedesktop.systemd1.conf
@@ -298,10 +298,22 @@
                        send_interface="org.freedesktop.systemd1.Manager"
                        send_member="EnableUnitFiles"/>
 
+                <allow send_destination="org.freedesktop.systemd1"
+                       send_interface="org.freedesktop.systemd1.Manager"
+                       send_member="EnableUnitFilesWithFlags"/>
+
                 <allow send_destination="org.freedesktop.systemd1"
                        send_interface="org.freedesktop.systemd1.Manager"
                        send_member="DisableUnitFiles"/>
 
+                <allow send_destination="org.freedesktop.systemd1"
+                       send_interface="org.freedesktop.systemd1.Manager"
+                       send_member="DisableUnitFilesWithFlags"/>
+
+                <allow send_destination="org.freedesktop.systemd1"
+                       send_interface="org.freedesktop.systemd1.Manager"
+                       send_member="DisableUnitFilesWithFlagsAndInstallInfo"/>
+
                 <allow send_destination="org.freedesktop.systemd1"
                        send_interface="org.freedesktop.systemd1.Manager"
                        send_member="ReenableUnitFiles"/>

loqs · 2023-02-19 00:04:13

https://github.com/systemd/systemd/pull/26487

Brocellous · 2023-02-19 00:06:24

Yes, I just submitted that.

Last edited by Brocellous (2023-02-19 00:06:48)

SunBlade · 2023-02-19 00:17:53

the last update then introduced this bug? because i could disabled services via polkit a few weeks ago.

Brocellous · 2023-02-19 00:20:06

yes https://github.com/systemd/systemd/commit/bf1bea43f15b0

SunBlade · 2023-02-19 00:38:29

just added those entries to "/usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf".
works like a charm now

Arch Linux

#1 2023-02-18 20:44:46

[SOLVED] systemctl instantly fails without asking for password

#2 2023-02-18 22:08:21

Re: [SOLVED] systemctl instantly fails without asking for password

#3 2023-02-18 23:53:21

Re: [SOLVED] systemctl instantly fails without asking for password

#4 2023-02-19 00:04:13

Re: [SOLVED] systemctl instantly fails without asking for password

#5 2023-02-19 00:06:24

Re: [SOLVED] systemctl instantly fails without asking for password

#6 2023-02-19 00:17:53

Re: [SOLVED] systemctl instantly fails without asking for password

#7 2023-02-19 00:20:06

Re: [SOLVED] systemctl instantly fails without asking for password

#8 2023-02-19 00:38:29

Re: [SOLVED] systemctl instantly fails without asking for password

Board footer