Document how to set up on Ubuntu or similar system with proper background op and rights #67

Open
deepcoder opened this issue May 28, 2023 · 1 comment
Labels
documentation Improvements or additions to documentation help wanted Extra attention is needed question Further information is requested

Comments

@deepcoder

First, thanks for your work on this. A useful tool if complete.

As highlighted in the issue request cited below, if you could make a solid set of documentation to install your tool so it can run in the background and has proper security to allow operation, it will be a winner. Below is what I am getting when I try to run your client as a non-root user (as is indicated by your current documentation) in a tmux session. It fails with the message:

```
  File "/usr/lib/python3/dist-packages/dbus/connection.py", line 652, in call_blocking
    reply_message = self.send_message_with_reply_and_block(
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.InteractiveAuthorizationRequired: Interactive authentication required.
```

#66

```
# on remote machine
mosquitto_pub -h 192.168.1.100 -t systemctl/target-machine/lock-all-sessions -n

# on target machine running in tmux session
user@target-machine:~$ systemctl-mqtt --mqtt-disable-tls --mqtt-host 192.168.1.100
2023-05-27T21:19:16-0700:INFO:connecting to MQTT broker 192.168.1.100:1883 (TLS disabled)
2023-05-27T21:19:16-0700:DEBUG:connected to MQTT broker 192.168.1.100:1883
2023-05-27T21:19:16-0700:DEBUG:acquired shutdown inhibitor lock
2023-05-27T21:19:16-0700:INFO:publishing 'false' on systemctl/target-machine/preparing-for-shutdown
2023-05-27T21:19:16-0700:DEBUG:publishing home assistant config on homeassistant/binary_sensor/target-machine/preparing-for-shutdown/config
2023-05-27T21:19:16-0700:INFO:subscribing to systemctl/target-machine/poweroff
2023-05-27T21:19:16-0700:DEBUG:registered MQTT callback for topic systemctl/target-machine/poweroff triggering _MQTTActionSchedulePoweroff
2023-05-27T21:19:16-0700:INFO:subscribing to systemctl/target-machine/lock-all-sessions
2023-05-27T21:19:16-0700:DEBUG:registered MQTT callback for topic systemctl/target-machine/lock-all-sessions triggering _MQTTActionLockAllSessions
2023-05-27T21:21:33-0700:DEBUG:received topic=systemctl/target-machine/lock-all-sessions payload=b''
2023-05-27T21:21:33-0700:DEBUG:executing action _MQTTActionLockAllSessions
2023-05-27T21:21:33-0700:INFO:instruct all sessions to activate screen locks
Exception in thread Thread-1 (_thread_main):
Traceback (most recent call last):
  File "/usr/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.10/threading.py", line 953, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib/python3/dist-packages/paho/mqtt/client.py", line 3452, in _thread_main
    self.loop_forever(retry_first_connection=True)
  File "/usr/lib/python3/dist-packages/paho/mqtt/client.py", line 1779, in loop_forever
    rc = self.loop(timeout, max_packets)
  File "/usr/lib/python3/dist-packages/paho/mqtt/client.py", line 1181, in loop
    rc = self.loop_read(max_packets)
  File "/usr/lib/python3/dist-packages/paho/mqtt/client.py", line 1572, in loop_read
    rc = self._packet_read()
  File "/usr/lib/python3/dist-packages/paho/mqtt/client.py", line 2310, in _packet_read
    rc = self._packet_handle()
  File "/usr/lib/python3/dist-packages/paho/mqtt/client.py", line 2936, in _packet_handle
    return self._handle_publish()
  File "/usr/lib/python3/dist-packages/paho/mqtt/client.py", line 3216, in _handle_publish
    self._handle_on_message(message)
  File "/usr/lib/python3/dist-packages/paho/mqtt/client.py", line 3429, in _handle_on_message
    callback(self, self._userdata, message)
  File "/home/user/.local/lib/python3.10/site-packages/systemctl_mqtt/__init__.py", line 217, in mqtt_message_callback
    self.trigger(state=state)
  File "/home/user/.local/lib/python3.10/site-packages/systemctl_mqtt/__init__.py", line 235, in trigger
    systemctl_mqtt._dbus.lock_all_sessions()
  File "/home/user/.local/lib/python3.10/site-packages/systemctl_mqtt/_dbus.py", line 105, in lock_all_sessions
    get_login_manager().LockSessions()
  File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 72, in __call__
    return self._proxy_method(*args, **keywords)
  File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 141, in __call__
    return self._connection.call_blocking(self._named_service,
  File "/usr/lib/python3/dist-packages/dbus/connection.py", line 652, in call_blocking
    reply_message = self.send_message_with_reply_and_block(
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.InteractiveAuthorizationRequired: Interactive authentication required.
```

@fphammerle
Owner

If you run systemctl-mqtt as non-root, you need to grant that particular user the following rights via policykit:

```
send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member={Inhibit,ListInhibitors,ScheduleShutdown,LockSessions}
receive bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=PrepareForShutdown
```

Alternatively, you can run systemctl-mqtt as root, but then I highly recommend dropping all capabilities, setting the "no-new-privileges" flag & applying the following apparmor profile: https://github.com/fphammerle/systemctl-mqtt/blob/master/docker-apparmor-profile

Sorry, I do not have enough time to formally document that. Help would be appreciated.

@fphammerle fphammerle added documentation Improvements or additions to documentation question Further information is requested help wanted Extra attention is needed labels May 28, 2023
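
One way to apply the second option from the reply above (root, with all capabilities dropped, no-new-privileges set and an AppArmor profile attached) as a background service. This systemd unit is an added example, not part of the project or of the comments in this issue; the unit path, the binary path and the AppArmor profile name are assumptions.

```ini
# /etc/systemd/system/systemctl-mqtt.service  (assumed path; added example)
[Unit]
Description=systemctl-mqtt MQTT client (example unit, not shipped by the project)
Wants=network-online.target
After=network-online.target

[Service]
# Assumed install path; the arguments are copied from the session shown in this issue.
ExecStart=/usr/local/bin/systemctl-mqtt --mqtt-disable-tls --mqtt-host 192.168.1.100
User=root

# "Dropping all capabilities": an empty assignment clears the bounding set,
# so the root process ends up holding no capabilities after exec.
CapabilityBoundingSet=
AmbientCapabilities=

# "no-new-privileges" flag: execve() can no longer gain privileges
# through setuid/setgid bits or file capabilities.
NoNewPrivileges=yes

# Assumed profile name. The profile must already be loaded into the kernel
# under this name (apparmor_parser -r <profile file>); without the "-" prefix
# the unit fails to start when the profile is missing.
AppArmorProfile=systemctl-mqtt

# Keep the client running in the background across broker outages.
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload` and `systemctl enable --now systemctl-mqtt.service`, the `CapEff` and `NoNewPrivs` fields in `/proc/<pid>/status` show whether the restrictions took effect.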