A system administrator needs to allow users in the 'developers' group to restart a specific systemd service, dev-app.service, without entering a password. The administrator wants to use a centralized, fine-grained authorization framework instead of granting broad sudo privileges. Which of the following approaches correctly implements this requirement using Polkit?
Create a .pkla file in /etc/polkit-1/localauthority/50-local.d/ specifying the org.freedesktop.systemd1.manage-units action and the 'developers' group, with ResultActive=yes.
Create a JavaScript rule in /etc/polkit-1/rules.d/ that grants permission for the org.freedesktop.systemd1.manage-units action to the 'developers' group when the unit is dev-app.service, returning polkit.Result.YES.
Use visudo to add the line %developers ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart dev-app.service to the /etc/sudoers file.
Configure a new service file in /etc/pam.d/ that uses the pam_succeed_if.so module to grant access to systemctl for members of the 'developers' group.
The correct method is to create a Polkit rule. Polkit is a component for controlling system-wide privileges and provides a framework for authorizing specific actions. Modern Polkit configurations use JavaScript rules located in /etc/polkit-1/rules.d/. By creating a rule that checks for the org.freedesktop.systemd1.manage-units action, verifies the user is in the 'developers' group, and matches the service name to dev-app.service, the rule can return polkit.Result.YES to grant passwordless permission for that specific action.
Using visudo and NOPASSWD is a valid way to achieve the goal with sudo, but the question specifically requires a Polkit solution.
Using .pkla files is an older, deprecated method for configuring Polkit that has been replaced by JavaScript rules on modern systems.
PAM (Pluggable Authentication Modules) is used for authentication (verifying a user's identity), not for authorizing specific, granular actions like managing a single service.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Polkit and how does it work?
Open an interactive chat with Bash
Why are `.pkla` files deprecated in modern Polkit?
Open an interactive chat with Bash
How does Polkit differ from `sudo`?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .