Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Services page doesn't take in account polkit rules #16345

Closed
dfgs opened this issue Sep 14, 2021 · 2 comments
Closed

Services page doesn't take in account polkit rules #16345

dfgs opened this issue Sep 14, 2021 · 2 comments
Labels
page:services

Comments

@dfgs
Copy link

dfgs commented Sep 14, 2021

Cockpit version: 0.117 release 3.fc34.1
OS: Fedora server 34 Kernel Linux 5.13.14-200.fc34.x86_64
Page: Services

Description:

  • Given a basic user A, without admin rights
  • Given a very permissive polkit rule (1-allow-all.rules)

polkit.addRule(function(action, subject) {
return polkit.Result.YES;
});

user A is now able to do some admin tasks in cockpit (ex change firewall rules), but he is not able to start/stop services. Cockpit asks admin privileges to manage services.

Rule examples in documentation doesn't work as well (https://cockpit-project.org/guide/latest/feature-systemd)

Note: user A is able to manage services from command line (without elevation)
@martinpitt
Copy link
Member

Confirmed -- These UI actions currently query superuser.allowed which checks for general admin-ness. The actual API calls ought to work, as it uses superuser: try; but our superuser.allowed check does not check for specific polkit privileges.

This was referenced May 9, 2022
Open
Closed
Closed
@KKoukiou
Copy link
Contributor

Closing in favor of the more generic issue #17346

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
page:services
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@martinpitt @dfgs @KKoukiou