Difference between revisions of "PolicyKit"

From CBLFS
Jump to navigationJump to search
 
(11 intermediate revisions by 4 users not shown)
Line 2: Line 2:
 
|-valign="top"
 
|-valign="top"
 
!Download Source:
 
!Download Source:
| http://people.freedesktop.org/~david/dist/PolicyKit-{{PolicyKit-Version}}.tar.gz
+
| http://hal.freedesktop.org/releases/PolicyKit-{{PolicyKit-Version}}.tar.gz
 
|}
 
|}
  
 
----
 
----
  
{{Package-Introduction|PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it. It is used by [[HAL]].}}
+
{{Package-Introduction|PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it. It is used by [[HAL]]. Note that this is not compatible with later versions; see [[Polkit]] if you need such a version.|http://www.freedesktop.org/wiki/Software/PolicyKit}}
 
 
== Getting the latest source ==
 
 
 
{{Note|This section is optional but recommended. You need this command only if you want to build the latest development version. If you install the latest development version of PolicyKit you'll also need to use the latest development version of [[HAL]].}}
 
 
 
Check out the source from freedesktop.org:
 
 
 
git clone git://anongit.freedesktop.org/git/PolicyKit
 
 
 
It couldn't hurt to make a tarball so you have an unmodified source around for the future:
 
 
 
tar cvjf PolicyKit{-$(date +%Y%m%d).tar.bz2,}
 
 
 
{{Note|Replace "./configure" with "./autogen.sh" to build the latest development version.}}
 
  
 
== Dependencies ==
 
== Dependencies ==
Line 32: Line 18:
  
 
=== Optional ===
 
=== Optional ===
* [[GIT]] (To get the latest source)
 
 
* [[Gtk-Doc]]
 
* [[Gtk-Doc]]
* [[intltool]] (Required for Git]]
+
* [[intltool]]
 +
* [[SELinux]]
  
 
== PolKit User/Group ==
 
== PolKit User/Group ==
Line 103: Line 89:
 
== Configuration ==
 
== Configuration ==
  
=== Bootscript ===
+
To allow HAL to automount removable drives such a thumbdrives, edit /etc/PolicyKit/PolicyKit.conf and add the following between the <config></config> tags:
 
 
{{Note|If you're installing the GIT Version of PolicyKit and [[HAL]] you do not need to install a bootscript for PolicyKit}}
 
 
 
Create the bootscript:
 
 
 
cat > /etc/rc.d/init.d/polkitd << "EOF"
 
#!/bin/sh
 
# Begin $rc_base/init.d/polkitd
 
 
. /etc/sysconfig/rc
 
. ${rc_functions}
 
 
case "${1}" in
 
        start)
 
                boot_mesg "Starting PolicyKit..."
 
                loadproc /usr/sbin/polkitd
 
                ;;
 
 
        stop)
 
                boot_mesg "Stopping PolicyKit..."
 
                killproc /usr/sbin/polkitd
 
                ;;
 
 
        restart)
 
                ${0} stop
 
                sleep 1
 
                ${0} start
 
                ;;
 
 
        status)
 
                statusproc /usr/sbin/polkitd
 
                ;;
 
 
        *)
 
                echo "Usage: ${0} {start|stop|restart|status}"
 
                exit 1
 
                ;;
 
esac
 
 
# End $rc_base/init.d/polkitd
 
EOF
 
chmod -v 754 /etc/rc.d/init.d/polkitd
 
 
 
Link it into the runlevels:
 
 
 
for link in /etc/rc.d/rc{{0,1,6}.d/K29,{2,3,4,5}.d/S20}polkitd; do
 
  ln -sfv ../init.d/polkitd $link;
 
done
 
 
 
== Privileges ==
 
 
 
{{Note|The follow change is not needed if you're using the development version.}}
 
 
 
PolicyKit installs '''desktop-console.privilege''' in /etc/PolicyKit/privilege.d which is the file that [[HAL]] will reference to see if the user can preform a specific operation (mount, cpufreq, hibernate, poweroff, reboot, suspend, etc...). Other privileges that manipulate a local device are most likely going to require this privilege.
 
  
There are a few ways to configure a privilege. You can allow anybody by setting '''Allow=uid:__all__''', a specific user by setting '''Allow=uid:username''', or a specific group by setting '''Allow=gid:groupname'''. The same applies for '''Deny'''.
+
<match action="org.freedesktop.hal.storage.mount-removable">
 +
    <return result="yes" />
 +
</match>
  
The following command modifies the privilege file so that anyone in the '''users''' group is allowed to manipulate a local device:
+
Without this you will receive an error similar to <b>org.freedesktop.Hal.Device.PermissionDeniedByPolicy:
 +
org.freedesktop.hal.storage.mount-removable no <--(action,result)</b> when you "plug in" your thumb drive.
  
sed -i "s/^Allow=.*/Allow=gid:users/" \
+
You then must upgrade your util-linux to the latest version or HAL automounting will fail with the following error <b>FAT: Unrecognized mount option "uhelper=hal" or missing value</b>. Instructions for building the latest version of util-linux can be found the development [http://cross-lfs.org/view/svn/ CLFS books].
    /etc/PolicyKit/privilege.d/desktop-console.privilege
 
  
 
= Contents =
 
= Contents =
Line 179: Line 113:
 
| /etc/PolicyKit/privilege.d /var/run/polkit-console
 
| /etc/PolicyKit/privilege.d /var/run/polkit-console
 
|}
 
|}
 +
 +
[[Category:General Utilities]]

Latest revision as of 05:53, 14 May 2010

Download Source: http://hal.freedesktop.org/releases/PolicyKit-0.9.tar.gz

Introduction to PolicyKit

PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it. It is used by HAL. Note that this is not compatible with later versions; see Polkit if you need such a version.

Project Homepage: http://www.freedesktop.org/wiki/Software/PolicyKit

Dependencies

Required

Optional

PolKit User/Group

groupadd -g 26 polkit &&
useradd -c "Policy Kit Daemon User" -d /dev/null \
        -u 26 -g polkit -s /bin/false polkit

Non-Multilib

Compile the package: 

./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib/PolicyKit --localstatedir=/var \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package 

make install

Multilib

32Bit

Compile the package: 

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib/PolicyKit --localstatedir=/var \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package 

make install

N32

Compile the package: 

CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib32/PolicyKit --localstatedir=/var \
    --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package 

make install

64Bit

Compile the package: 

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib64/PolicyKit --localstatedir=/var \
    --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package 

make install

Configuration

To allow HAL to automount removable drives such a thumbdrives, edit /etc/PolicyKit/PolicyKit.conf and add the following between the <config></config> tags: 

<match action="org.freedesktop.hal.storage.mount-removable">
    <return result="yes" />
</match>

Without this you will receive an error similar to org.freedesktop.Hal.Device.PermissionDeniedByPolicy: org.freedesktop.hal.storage.mount-removable no <--(action,result) when you "plug in" your thumb drive.

You then must upgrade your util-linux to the latest version or HAL automounting will fail with the following error FAT: Unrecognized mount option "uhelper=hal" or missing value. Instructions for building the latest version of util-linux can be found the development CLFS books.

Contents

Installed Programs: polkit-grant-privilege polkit-is-rivileged polkit-list-privileges polkit-revoke-privilege polkitd
Installed Libraries: libpolkit.{so,a,la} libpolkit-grant.{so,a,la} /lib/security/pam_polkit_console.{so,a,la}
Installed Directories: /etc/PolicyKit/privilege.d /var/run/polkit-console
Retrieved from "https://cblfs.clfs.org/index.php?title=PolicyKit&oldid=20198"