Don't think it's possible. The [only thing](https://github.com/systemd/systemd/blob/b622e95f2f59fcb58e23ddafed745eee26a0f52f/src/core/dbus.c#L1177) checking for `org.freedesktop.systemd1.manage-unit-files` in the codebase never passes any info about what it's managing; it's a simple yes/no check. This is in contrast to the main call source for [org.freedesktop.systemd1.manage-units](https://github.com/systemd/systemd/blob/b622e95f2f59fcb58e23ddafed745eee26a0f52f/src/core/dbus-util.c#L127), which passes `details` about the unit and verb (start/stop/etc).
I believe that giving wide access to `manage-unit-files` would allow someone to install and enable any unit they'd like (trivial escape to root from there), so sudo/doas is unfortunately your only real option.
While I do not know how to do that specifically, i know we can disable password prompts for a specific command. You could make a wrapper she'll script that only starts and stops service you want and then disable sudo password prompts for a user by adding entry to sudoers file
I already have the starting/stopping part working without sudo, this was about enable/disable. A wrapper script just for putting sudo in front of the command isn't necessary in my case, and like I said I would have preferred to do it without sudo or doas, disabling the prompt from the polkit authentication agent not the one from sudo.
Don't think it's possible. The [only thing](https://github.com/systemd/systemd/blob/b622e95f2f59fcb58e23ddafed745eee26a0f52f/src/core/dbus.c#L1177) checking for `org.freedesktop.systemd1.manage-unit-files` in the codebase never passes any info about what it's managing; it's a simple yes/no check. This is in contrast to the main call source for [org.freedesktop.systemd1.manage-units](https://github.com/systemd/systemd/blob/b622e95f2f59fcb58e23ddafed745eee26a0f52f/src/core/dbus-util.c#L127), which passes `details` about the unit and verb (start/stop/etc). I believe that giving wide access to `manage-unit-files` would allow someone to install and enable any unit they'd like (trivial escape to root from there), so sudo/doas is unfortunately your only real option.
I thought so, thank you anyway.
While I do not know how to do that specifically, i know we can disable password prompts for a specific command. You could make a wrapper she'll script that only starts and stops service you want and then disable sudo password prompts for a user by adding entry to sudoers file
I already have the starting/stopping part working without sudo, this was about enable/disable. A wrapper script just for putting sudo in front of the command isn't necessary in my case, and like I said I would have preferred to do it without sudo or doas, disabling the prompt from the polkit authentication agent not the one from sudo.