Skip to content

Instantly share code, notes, and snippets.

@nosada
Last active July 7, 2024 13:34
Show Gist options
  • Save nosada/d62def4e6ec1fcfe998f1b8abbf4e0a1 to your computer and use it in GitHub Desktop.
Save nosada/d62def4e6ec1fcfe998f1b8abbf4e0a1 to your computer and use it in GitHub Desktop.
Polkit rule that allows members in 'wheel' to use `machinectl` without password authentication
/* Allow members in 'wheel' to use machinectl without password authentication
*
* Thanks to the followings:
* - https://unix.stackexchange.com/a/595725
* - https://wiki.archlinux.org/index.php/Polkit#For_specific_actions
*/
polkit.addRule(function(action, subject) {
if (
(
action.id == "org.freedesktop.machine1.shell" ||
action.id == "org.freedesktop.machine1.manage-machines" ||
action.id == "org.freedesktop.machine1.manage-images" ||
action.id == "org.freedesktop.machine1.login" ||
(
action.id == "org.freedesktop.systemd1.manage-units" &&
RegExp('systemd-nspawn@[A-Za-z0-9_-]+.service').test(action.lookup("unit")) === true
)
)
&& subject.isInGroup("wheel")
) {
return polkit.Result.YES;
}
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment