Cockpit – allow non-administrative users for errata/software/os update

Linux Cockpit is a web-based interface that provides graphical administrative access to a system. In this article, we’ll configure cockpit to allow non-administrative users to perform system update. Refer to solution section for more information.


Topic

  • How to configure cockpit to allow non-administrative users to apply software/errata/os update?
  • Polkit rules to allow allow non-administrative users to apply software/errata/os update in cockpit web interface.
  • Cockpit software/errata/os update
  • Cockpit allow non-admin user for software/errata/os update on Linux|Centos|RHEL|Ubuntu|Debian


Solution


Cockpit Package Installation

Install following packages:

  1. cockpit
  2. polkit
  3. cockpit-packagekit – This provides software update feature

# yum install cockpit polkit cockpit-packagekit

Create a group and add members to the group

Create a group of your choice, consider we create a group called admin and add the members to this admin group who needs to apply the errata or update the system from cockpit UI.

Add Polkit Rule

Add the following custom polkit rules which grants special privilege to the admin group members to apply software update from cockpit UI.

$ cat /etc/polkit-1/rules.d/60-software-update.rules

polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.packagekit.package-install" ||
action.id == "org.freedesktop.packagekit.system-update" ||
action.id == "org.freedesktop.packagekit.system-sources-refresh" ||
action.id == "org.freedesktop.packagekit.package-install-untrusted" &&
subject.isInGroup("admin")) {
return polkit.Result.YES;
}
});

Restart polkit service and then login to cockpit interface as normal user who is member of the admin group to apply system patch.


You May Also Like

avatar

About the Author: TekFik

TekFik is a technical blogging site helps techies and engineers to solve their day to day issues and also allows everyone to share knowledge and feedback. Please feel free to contact us at tekfik.rd@gmail.com if there is anything.

Leave a Reply

Your email address will not be published. Required fields are marked *