Difference between revisions of "Polkit"

From ArchWiki
Jump to: navigation, search
(guess {{{stub}}} wasn't defined..)
(categorize; fix spacing; add stolen intro with project link)
Line 1: Line 1:
'''PolicyKit''' is used for controlling system-wide privileges. It provides an organized way for non-privileged processes to communicate with privileged ones. In contrast to systems such as sudo, it does not grant root permission to an entire process, but rather allows a finer level of control of centralized system policy.
+
[[Category:Security (English)]]
 +
{{i18n|PolicyKit}}
 +
{{Expansion}}
  
 +
From [http://hal.freedesktop.org/docs/PolicyKit/introduction.html PolicyKit Library Reference Manual]:
 +
 +
:''PolicyKit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes: It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications. PolicyKit is specifically targeting applications in rich desktop environments on multi-user UNIX-like operating systems. It does not imply or rely on any exotic kernel features.''
 +
 +
PolicyKit is used for controlling system-wide privileges. It provides an organized way for non-privileged processes to communicate with privileged ones. In contrast to systems such as sudo, it does not grant root permission to an entire process, but rather allows a finer level of control of centralized system policy.
  
 
==Practical examples==
 
==Practical examples==
Line 7: Line 14:
 
Make a file like:
 
Make a file like:
  
    /etc/polkit-1/localauthority.conf.d/60-localauthority.conf
+
/etc/polkit-1/localauthority.conf.d/60-localauthority.conf
  
 
(higher numbers are prioritied over lower ones) containing:
 
(higher numbers are prioritied over lower ones) containing:
Line 17: Line 24:
 
To let users alice and bob perform all [[PackageKit]] actions (but not necessarily other PolicyKit actions), make a file in e.g.  
 
To let users alice and bob perform all [[PackageKit]] actions (but not necessarily other PolicyKit actions), make a file in e.g.  
  
    /etc/polkit-1/localauthority/50-local.d/10-my-pkgkit-policy.pkla
+
/etc/polkit-1/localauthority/50-local.d/10-my-pkgkit-policy.pkla
  
 
containing
 
containing

Revision as of 18:27, 5 April 2011

This template has only maintenance purposes. For linking to local translations please use interlanguage links, see Help:i18n#Interlanguage links.


Local languages: Català – Dansk – English – Español – Esperanto – Hrvatski – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Norsk Bokmål – Polski – Português – Slovenský – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – العربية – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어


External languages (all articles in these languages should be moved to the external wiki): Deutsch – Français – Română – Suomi – Svenska – Tiếng Việt – Türkçe – فارسی

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: please use the first argument of the template to provide a brief explanation. (Discuss in Talk:Polkit#)

From PolicyKit Library Reference Manual:

PolicyKit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes: It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications. PolicyKit is specifically targeting applications in rich desktop environments on multi-user UNIX-like operating systems. It does not imply or rely on any exotic kernel features.

PolicyKit is used for controlling system-wide privileges. It provides an organized way for non-privileged processes to communicate with privileged ones. In contrast to systems such as sudo, it does not grant root permission to an entire process, but rather allows a finer level of control of centralized system policy.

Practical examples

How to let all users in the group "wheel" have the same admin rights as root (so you don't have to enter root password, but the wheel user's password):

Make a file like:

/etc/polkit-1/localauthority.conf.d/60-localauthority.conf

(higher numbers are prioritied over lower ones) containing:

[Configuration]
AdminIdentities=unix-user:0;unix-group:wheel

To let users alice and bob perform all PackageKit actions (but not necessarily other PolicyKit actions), make a file in e.g.

/etc/polkit-1/localauthority/50-local.d/10-my-pkgkit-policy.pkla

containing

[Let Wheel Use PackageKit]
Identity=unix-user:alice;unix-user:bob
Action=org.freedesktop.packagekit.*
ResultAny=no
ResultInactive=no
ResultActive=auth_self_keep

(Use the command pkaction to list all actions defined in your system.)