You are not logged in.
Hi, i have a very peculiar problem:
systemctl disable {any .service or .(auto)mount}
instantly fails with error: "Failed to disable unit: Access denied"
but...
systemctl {enable,start,stop} {any .service or .(auto)mount}
asks for root password, and then successfully finishes its job.
and when prefixed with sudo everything works as expected.
i am stumped, i honestly don't even know where to start my analysis.
i already tried rebooting and login with a new user.
$ uname -a
Linux GMonster 6.1.12-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Tue, 14 Feb 2023 22:08:11 +0000 x86_64 GNU/Linux
$ systemctl --version
systemd 253 (253-1-arch)
+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified
Last edited by SunBlade (2023-02-19 00:40:01)
Live your life, you got only one.
Offline
/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy - though org.freedesktop.systemd1.manage-unit-files should™ apply to either action.
asks for root password
How? On the terminal or does a dialog pop up?
Run "dbus-monitor --system" and in a second terminal try to dis- and enable a "service" (can be "systemctl disable gnarf" as long as you abort) and check the dbus traffic. Post it in doubt.
Offline
This is an apparent oversight by systemd — their dbus policy lacks permission for the user to make these requests. I reckon it should allow these:
diff --git a/src/core/org.freedesktop.systemd1.conf b/src/core/org.freedesktop.systemd1.conf
index 7f44c32b8395..52034e07e732 100644
--- a/src/core/org.freedesktop.systemd1.conf
+++ b/src/core/org.freedesktop.systemd1.conf
@@ -298,10 +298,22 @@
send_interface="org.freedesktop.systemd1.Manager"
send_member="EnableUnitFiles"/>
+ <allow send_destination="org.freedesktop.systemd1"
+ send_interface="org.freedesktop.systemd1.Manager"
+ send_member="EnableUnitFilesWithFlags"/>
+
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="DisableUnitFiles"/>
+ <allow send_destination="org.freedesktop.systemd1"
+ send_interface="org.freedesktop.systemd1.Manager"
+ send_member="DisableUnitFilesWithFlags"/>
+
+ <allow send_destination="org.freedesktop.systemd1"
+ send_interface="org.freedesktop.systemd1.Manager"
+ send_member="DisableUnitFilesWithFlagsAndInstallInfo"/>
+
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ReenableUnitFiles"/>Offline
Offline
Yes, I just submitted that.
Last edited by Brocellous (2023-02-19 00:06:48)
Offline
the last update then introduced this bug? because i could disabled services via polkit a few weeks ago.
Live your life, you got only one.
Offline
Offline
just added those entries to "/usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf".
works like a charm now ![]()
Live your life, you got only one.
Offline