Difference between revisions of "Use systemctl from web script on Raspbian"

From PeTechWiki
Jump to navigationJump to search
m
m
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
On Raspbian jessie, authority to the systemctl command is managed by polkit. To allow a web script to poweroff or reboot your pi using the systemctl command, you'll need to make some configuration changes to polkit-1.
 
On Raspbian jessie, authority to the systemctl command is managed by polkit. To allow a web script to poweroff or reboot your pi using the systemctl command, you'll need to make some configuration changes to polkit-1.
  
Create or modify /etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf to have the following content:
+
Create or modify <code>/etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf</code> to have the following content:
 
  [Configuration]
 
  [Configuration]
 
  AdminIdentities=unix-user:pi;unix-user:www-data;unix-user:0
 
  AdminIdentities=unix-user:pi;unix-user:www-data;unix-user:0
  
Create /etc/polkit-1/localauthority/50-local.d/www-data.pkla to have the following content:
+
Create <code>/etc/polkit-1/localauthority/50-local.d/www-data.pkla</code> to have the following content:
 
  [www-data Permissions]                                                                                                                   
 
  [www-data Permissions]                                                                                                                   
 
  Identity=unix-user:www-data                                                                                                               
 
  Identity=unix-user:www-data                                                                                                               
Line 12: Line 12:
 
  ResultInactive=yes                                                                                                                       
 
  ResultInactive=yes                                                                                                                       
 
  ResultActive=yes
 
  ResultActive=yes
You may name this file as you like, but it must have a .pkla extension.
+
You may name this file as you like, but it must have a .pkla extension. The '''Action''' keyword indicates the action ids for which authority is to be overridden. You will find these action ids defined in <code>/usr/share/polkit-1/actions/org.freedesktop.login1.policy</code>.
  
 
Configuration changes to polkit are applied in real time, so all you need to do now is run your web script from a browser:
 
Configuration changes to polkit are applied in real time, so all you need to do now is run your web script from a browser:

Latest revision as of 16:02, 9 April 2017

On Raspbian jessie, authority to the systemctl command is managed by polkit. To allow a web script to poweroff or reboot your pi using the systemctl command, you'll need to make some configuration changes to polkit-1.

Create or modify /etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf to have the following content:

[Configuration]
AdminIdentities=unix-user:pi;unix-user:www-data;unix-user:0

Create /etc/polkit-1/localauthority/50-local.d/www-data.pkla to have the following content:

[www-data Permissions]                                                                                                                   
Identity=unix-user:www-data                                                                                                              
Action=org.freedesktop.login1.*                                                                                                          
ResultAny=yes                                                                                                                            
ResultInactive=yes                                                                                                                       
ResultActive=yes

You may name this file as you like, but it must have a .pkla extension. The Action keyword indicates the action ids for which authority is to be overridden. You will find these action ids defined in /usr/share/polkit-1/actions/org.freedesktop.login1.policy.

Configuration changes to polkit are applied in real time, so all you need to do now is run your web script from a browser:

<?php
// reboot.php - script to reboot the system
`systemctl reboot -i`;
?>

Here the backtick operator is used to execute a shell command, and option -i is used to ignore inhibitors. Make sure you secure access to your script as required.

Reference: https://www.freedesktop.org/software/polkit/docs/0.105/pklocalauthority.8.html