I’m trying to find the best way to give an unprivileged user the ability to reboot from Cockpit.
I have a fleet of pi’s used as digital signage and they have cockpit installed for management. I use it without a problem(I’m the admin) but I would like to give my volunteers the ability to reboot a pi without them just pulling the power(if they can even access it). I don’t want to let them use a user with ALL sudo rights but that’s the only way I can get it to work.
Seems I have 2 ways I should be able to get this to work. Add a user to the sudoers group with limited access, or PolicyKit rules. Both are failing me.
It seems that because cockpit manages a system over ssh through D-Bus, giving a user reboot permissions isn’t as straightforward as I thought.
The following line in the sudoers file works if you are locally logged in but not remotely
pi ALL= NOPASSWD: /sbin/reboot, /sbin/halt, /sbin/shutdown
With PolicyKit I’ve found that the rules only apply to a user locally logged into an xwindow session and not a remote session.
Anyone have any suggestions?