问题描述:
使用普通账号test通过systemctl启动系统服务提示需要输入root密码:
解决方案:
根据上面提示得知权限由polkit进行管理,对应的是org.freedesktop.systemd1.policy这个配置文件下的manae-units动作
进入/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy,
将对应manae-units的defaults中的授权全部改为yes,然后执行systemctl restart polkit重启polkit
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
下图为权限可选的配置参数
| defaults |
This element is used to specify implicit authorizations for clients. Elements that can be used inside defaults include:
| allow_any |
Implicit authorizations that apply to any client. Optional. |
| allow_inactive |
Implicit authorizations that apply to clients in inactive sessions on local consoles. Optional. |
| allow_active |
Implicit authorizations that apply to clients in active sessions on local consoles. Optional. |
Each of the allow_any, allow_inactive and allow_active elements can contain the following values:
| no
|
Not authorized. |
| yes
|
Authorized. |
| auth_self
|
Authentication by the owner of the session that the client originates from is required. Note that this is not restrictive enough for most uses on multi-user systems; auth_admin* is generally recommended. |
| auth_admin
|
Authentication by an administrative user is required. |
| auth_self_keep
|
Like auth_self but the authorization is kept for a brief period (e.g. five minutes). The warning about auth_self above applies likewise. |
| auth_admin_keep
|
Like auth_admin but the authorization is kept for a brief period (e.g. five minutes). |
|
