How do you disable machinectl entirely? [solved]

I’m mostly interested in disabling the command to create a root shell ‘machinectl shell @root’. Attempting to ‘systemctl disable systemd-machined’ doesn’t work.

Edit:

After some more poking, it seems polkit is the way to do it. Create the file /etc/polkit-1/rules.d/10-deny-machinectl.rules and add the following


    polkit.addRule(function(action, subject) {
       if (action.id.startsWith("org.freedesktop.machine1.")) {
             return polkit.Result.NO;
       }
    });

The list of all actions you can filter on is in /usr/share/polkit-1/actions/org.freedesktop.machine1.policy
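
An added example, not part of the original post: an offline harness that runs the rule above against a few action ids to show what the prefix match denies and that a later-sorted rule never gets to override it. The `makePolkit` and `makeSubject` helpers, the second "wheel" rule and the sample action ids are assumptions made for illustration; the harness is a simplified model of polkit's first-match evaluation, not polkit itself.

```javascript
// Simplified model of polkitd's rule engine (an assumption, not polkit code):
// rules run in registration order and the first returned value decides;
// if no rule returns, the action's defaults from the .policy file apply.
function makePolkit() {
  const rules = [];
  return {
    Result: { NO: "no", YES: "yes" },
    addRule(fn) { rules.push(fn); },
    check(actionId, subject) {
      for (const rule of rules) {
        const r = rule({ id: actionId }, subject);
        if (r !== undefined && r !== null) return r;
      }
      return "implicit-default";
    },
  };
}

// Hypothetical helper: a subject exposing the isInGroup() method rules can call.
function makeSubject(user, groups) {
  return { user, isInGroup: (g) => groups.includes(g) };
}

function evaluate(actionIds, subject) {
  const polkit = makePolkit();
  // Rule from the post, as it would load from 10-deny-machinectl.rules.
  polkit.addRule(function(action, subject) {
    if (action.id.startsWith("org.freedesktop.machine1.")) {
      return polkit.Result.NO;
    }
  });
  // Hypothetical rule from a later-sorted file that allows wheel members.
  polkit.addRule(function(action, subject) {
    if (subject.isInGroup("wheel")) return polkit.Result.YES;
  });
  const out = {};
  for (const id of actionIds) out[id] = polkit.check(id, subject);
  return out;
}

// Constructed sample action ids.
const SAMPLE_ACTIONS = [
  "org.freedesktop.machine1.host-shell",
  "org.freedesktop.machine1.shell",
  "org.freedesktop.machine1",      // no trailing dot, so the prefix misses it
  "org.freedesktop.login1.reboot", // different namespace, rule does not apply
];

console.log(evaluate(SAMPLE_ACTIONS, makeSubject("alice", ["wheel"])));
```

On a live system, `pkaction --verbose --action-id <id>` shows the implicit defaults that apply when no rule returns a result.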

mvirts,

I didn’t even know about machinectl. Thank you

trachemys,

The worst is that if the ‘wheel’ group is empty, it will give a root shell to absolutely anyone.

anamethatisnt,

I didn’t find a way to disable the command but in this discussion they seem to change it to request the root password:
github.com/systemd/systemd/issues/2799
