search

Stefal / rtkbase

Your own GNSS base station for RTK localization with a Web GUI
GNU Affero General Public License v3.0
467 stars 114 forks source link

The flask web server needs root #20

Open Stefal opened 4 years ago

Stefal commented 4 years ago

It needs to be root to start/stop some systemd's services, reboot/restart/update.... We need to find a way to run it without root.

kikislater commented 4 years ago

I think link below cover the need : Install pip as user, custom paths for requirements, launch pip command as user =>

https://medium.com/@dorukgezici/how-to-setup-python-flask-app-on-shared-hosting-without-root-access-e40f95ccc819

Stefal commented 4 years ago

The issue is not about the way to run Flask as a standard user (it's already possible) but how to start/stop systemd services, reboot/shutdown the sbc without starting flask as 'root'. The only solution I have in mind is edit the sudoer file to allow systemctl without password. But I'm not sure it's a good idea.

Perhaps it's possible with a d-bus configuration file, but it's out of my skill so far.

kikislater commented 4 years ago

You could run systemctl as user : systemctl --user [start|stop|enable|disable|status] name.service service files should be placed at : ~/.config/systemd/user/name.service

https://computingforgeeks.com/how-to-run-systemd-service-without-root-sudo/

Stefal commented 4 years ago

Already tested, but it's a no go: user services can't depend from system-wide services

Stefal commented 9 months ago

Since Debian Bookworm it's possible to add some policykit rules to enable a group to manage some services.

Another way to add this rule to all str2str_* services: 

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
       RegExp('str2str_[A-Za-z0-9]+.service').test(action.lookup("unit")) === true &&
       subject.isInGroup("rtkbase"))
       {
         return polkit.Result.YES;
       }
    });