Difference between revisions of "Polkit"

From ArchWiki
Jump to: navigation, search
Line 1: Line 1:
 
[[Category:Security]]
 
[[Category:Security]]
{{i18n|PolicyKit}}
 
 
{{Expansion}}
 
{{Expansion}}
  

Revision as of 15:08, 13 June 2012

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: please use the first argument of the template to provide a brief explanation. (Discuss in Talk:Polkit#)

From PolicyKit Library Reference Manual:

PolicyKit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes: It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications. PolicyKit is specifically targeting applications in rich desktop environments on multi-user UNIX-like operating systems. It does not imply or rely on any exotic kernel features.

PolicyKit is used for controlling system-wide privileges. It provides an organized way for non-privileged processes to communicate with privileged ones. In contrast to systems such as sudo, it does not grant root permission to an entire process, but rather allows a finer level of control of centralized system policy.

ConsoleKit

Please note: to correct issues with automount and shutdown, please check the ConsoleKit page.

Practical examples

How to let all users in the group wheel have the same privileges as root (so you do not have to enter the root password, but the wheel user's password):

Installing polkit-use-wheel-groupAUR from the AUR will create this file automatically.

Create the following file:

/etc/polkit-1/localauthority.conf.d/60-localauthority.conf
[Configuration]
AdminIdentities=unix-user:0;unix-group:wheel
Note: Higher numbers are prioritized over lower numbers.

To let users alice and bob perform all PackageKit actions (but not necessarily other PolicyKit actions), create the following file:

/etc/polkit-1/localauthority/50-local.d/10-my-pkgkit-policy.pkla
[Let Wheel Use PackageKit]
Identity=unix-user:alice;unix-user:bob
Action=org.freedesktop.packagekit.*
ResultAny=no
ResultInactive=no
ResultActive=auth_self_keep
Note: You can use the command pkaction to list all actions defined in your system.