systemd-manager
systemd-manager copied to clipboard
Don't ask for password when the command is allowed by sudo
Hi! I'd like to suggest an improvement where the extensions don't ask for permission/password for commands that is already allowed by sudo.
I know there is a way to achieve that by pkexec
and the policy file org.freedesktop.policykit.pkexec.systemctl.policy, but I think there is a couple of reasons to allow the same behaviour using sudo.
First is verbosity. The file used to config pkexec is a huge and verbose xml. Second is granularity. As far as I know, there is no way to specify which services is allowed to change without password.
The same behaviour can be achieved putting this small piece of code in /etc/sudoers.d/systemctl
, for exemple. It's clear, concise and it has exactly the commands it's allowed.
username ALL=NOPASSWD: /usr/bin/systemctl start docker.service --system
username ALL=NOPASSWD: /usr/bin/systemctl stop docker.service --system
username ALL=NOPASSWD: /usr/bin/systemctl restart docker.service --system
Thank you for all the work done. I'm using this extension and it's great!