Re: [systemd-devel] hostname can be changed without permission checks
Okay, You seem to be right. Didn't notice that. W dniu 12.09.2015 o 05:31, Michael Chapman pisze: On Sat, 12 Sep 2015, Michał Zegan wrote: Hello. It seems that I am able to change a hostname with hostnamectl set-hostname name without any problems, even logged in as unprivileged user, and I did not get any authentication requests. I did not modify polkit rules to allow this, not sure about the default ones, but they probably shouldn't allow that, just checked that implicit rules are auth_admin_keep, arch does not have vendor rules and I also do not have my own.. Did you check both /etc/polkit-1/rules.d/ and /usr/share/polkit-1/rules.d/? On my system (Fedora), gnome-control-center has added a rule to the latter directory to allow a local user set the hostname, locale, etc., if they are in the "wheel" group. Perhaps you have something similar? You can test whether PolicyKit is allowing the action with: pkcheck --action-id org.freedesktop.hostname1.set-hostname \ --process $$ --allow-user-interaction If this exits successfully, then it's something in your PolicyKit configuration allowing the action, not systemd. - Michael ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] hostname can be changed without permission checks
On Sat, 12 Sep 2015, Michał Zegan wrote: Hello. It seems that I am able to change a hostname with hostnamectl set-hostname name without any problems, even logged in as unprivileged user, and I did not get any authentication requests. I did not modify polkit rules to allow this, not sure about the default ones, but they probably shouldn't allow that, just checked that implicit rules are auth_admin_keep, arch does not have vendor rules and I also do not have my own.. Did you check both /etc/polkit-1/rules.d/ and /usr/share/polkit-1/rules.d/? On my system (Fedora), gnome-control-center has added a rule to the latter directory to allow a local user set the hostname, locale, etc., if they are in the "wheel" group. Perhaps you have something similar? You can test whether PolicyKit is allowing the action with: pkcheck --action-id org.freedesktop.hostname1.set-hostname \ --process $$ --allow-user-interaction If this exits successfully, then it's something in your PolicyKit configuration allowing the action, not systemd. - Michael___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] hostname can be changed without permission checks
Hello. It seems that I am able to change a hostname with hostnamectl set-hostname name without any problems, even logged in as unprivileged user, and I did not get any authentication requests. I did not modify polkit rules to allow this, not sure about the default ones, but they probably shouldn't allow that, just checked that implicit rules are auth_admin_keep, arch does not have vendor rules and I also do not have my own.. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
