PolicyKit
Download Source: | (Not Released Yet) |
---|
Contents
Dependencies
Required
Optional
PolKit User/Group
groupadd -g 17 polkit && useradd -c "Policy Kit Daemon User" -d /dev/null \ -u 17 -g polkit -s /bin/false polkit
Getting the source
Check out the source from freedesktop.org:
git clone git://anongit.freedesktop.org/git/PolicyKit
It couldn't hurt to make a tarball so you have an unmodified source around for the future:
tar cvjf PolicyKit{.tar.bz2,}
Non-Multilib
Compile the package:
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var && make
Install the package
make install
Multilib
32Bit
Compile the package:
CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \ ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var && make
Install the package
make install
N32
Compile the package:
CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \ ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security && make
Install the package
make install
64Bit
Compile the package:
CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \ ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security && make
Install the package
make install
Configuration
Bootscript
There is no pre-made bootscript for PolicyKit at this time. The daemon is at /usr/sbin/polkitd and it needs to start after DBUS but before HAL.
Privileges
PolicyKit installs desktop-console.privilege in /etc/PolicyKit/privilege.d which is the file that HAL will reference to see if the user can preform a specific operation (mount, cpufreq, hibernate, poweroff, reboot, suspend, etc...). Other privileges that manipulate a local device are most likely going to require this privilege.
There are a few ways to configure a privilege. You can allow anybody by setting Allow=uid:__all__, a specific user by setting Allow=uid:username, or a specific group by setting Allow=gid:groupname. The same applies for Deny.
The following command modifies the privilege file so that anyone in the users group is allowed to manipulate a local device.
sed "s/^Allow=.*/Allow=gid:users/" /etc/PolicyKit/privilege.d/desktop-console.privilege