I'm using **CentOS 8** and I wanted to monitor my server using Cockpit but my users cannot restart/stop/start service. Only the root user and the wheel group can manage them, and I don't want the root user to be used to log in to my server. I have a monitoring group for the server called **agents**. So I added this code to my rules:
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units") {
if (subject.isInGroup("agents")) {
return polkit.Result.YES;
}
}
});
But it still won't allow my monitoring team to control my services. I also tried this rule:
polkit.addAdminRule(function(action, subject) {
return ["unix-group:agents"];
});
Which will allow my monitoring team to do administrative actions. But I don't really want them to be able to do that though, just the normal start/stop services. Can somebody help me? Thanks.
Asked by Gwynn
(41 rep)
Apr 13, 2020, 09:36 AM