Difference between revisions of "PolicyKit"

From CBLFS
Jump to navigationJump to search
(Privileges)
 
(34 intermediate revisions by 8 users not shown)
Line 1: Line 1:
 
{| style="text-align: left; background-color: AliceBlue;"
 
{| style="text-align: left; background-color: AliceBlue;"
|-
+
|-valign="top"
 
!Download Source:
 
!Download Source:
| (Not Released Yet)
+
| http://hal.freedesktop.org/releases/PolicyKit-{{PolicyKit-Version}}.tar.gz
 
|}
 
|}
 +
 +
----
 +
 +
{{Package-Introduction|PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it. It is used by [[HAL]]. Note that this is not compatible with later versions; see [[Polkit]] if you need such a version.|http://www.freedesktop.org/wiki/Software/PolicyKit}}
  
 
== Dependencies ==
 
== Dependencies ==
  
 
=== Required ===
 
=== Required ===
* [[GIT]] (To get the source)
+
* [[D-BUS Glib]]
* [[DBUS]] (With Glib Binding)
 
 
* [[Glib2]]
 
* [[Glib2]]
* [[Linux-Pam]]
+
* [[Linux-PAM]]
 +
* [[xmlto]]
 +
 
 
=== Optional ===
 
=== Optional ===
 
* [[Gtk-Doc]]
 
* [[Gtk-Doc]]
* [[xmlto]]
+
* [[intltool]]
 +
* [[SELinux]]
  
 
== PolKit User/Group ==
 
== PolKit User/Group ==
  
  groupadd -g 17 polkit &&
+
  groupadd -g 26 polkit &&
 
  useradd -c "Policy Kit Daemon User" -d /dev/null \
 
  useradd -c "Policy Kit Daemon User" -d /dev/null \
         -u 17 -g polkit -s /bin/false polkit
+
         -u 26 -g polkit -s /bin/false polkit
 
 
== Getting the source ==
 
 
 
Check out the source from freedesktop.org:
 
 
 
git clone git://anongit.freedesktop.org/git/PolicyKit
 
 
 
It couldn't hurt to make a tarball so you have an unmodified source around for the future:
 
 
 
tar cvjf PolicyKit{.tar.bz2,}
 
  
 
== Non-Multilib ==
 
== Non-Multilib ==
Line 36: Line 32:
 
Compile the package:
 
Compile the package:
  
  ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var &&
+
  ./configure --prefix=/usr --sysconfdir=/etc \
 +
    --libexecdir=/usr/lib/PolicyKit --localstatedir=/var \
 +
    --with-polkit-user=polkit --with-polkit-group=polkit &&
 
  make
 
  make
  
Line 50: Line 48:
  
 
  CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
 
  CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
  ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var &&
+
  ./configure --prefix=/usr --sysconfdir=/etc \
 +
    --libexecdir=/usr/lib/PolicyKit --localstatedir=/var \
 +
    --with-polkit-user=polkit --with-polkit-group=polkit &&
 
  make
 
  make
  
Line 62: Line 62:
  
 
  CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
 
  CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
  ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
+
  ./configure --prefix=/usr --sysconfdir=/etc \
     --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security &&
+
    --libexecdir=/usr/lib32/PolicyKit --localstatedir=/var \
 +
     --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security \
 +
    --with-polkit-user=polkit --with-polkit-group=polkit &&
 
  make
 
  make
  
Line 75: Line 77:
  
 
  CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
 
  CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
  ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
+
  ./configure --prefix=/usr --sysconfdir=/etc \
     --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security &&
+
    --libexecdir=/usr/lib64/PolicyKit --localstatedir=/var \
 +
     --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security \
 +
    --with-polkit-user=polkit --with-polkit-group=polkit &&
 
  make
 
  make
  
Line 85: Line 89:
 
== Configuration ==
 
== Configuration ==
  
=== Bootscript ===
+
To allow HAL to automount removable drives such a thumbdrives, edit /etc/PolicyKit/PolicyKit.conf and add the following between the <config></config> tags:
  
There is no pre-made bootscript for PolicyKit at this time. The daemon is at '''/usr/sbin/polkitd''' and it needs to start after [[DBUS]] but before [[HAL]].
+
<match action="org.freedesktop.hal.storage.mount-removable">
 +
    <return result="yes" />
 +
</match>
  
== Privileges ==
+
Without this you will receive an error similar to <b>org.freedesktop.Hal.Device.PermissionDeniedByPolicy: 
 +
org.freedesktop.hal.storage.mount-removable no <--(action,result)</b> when you "plug in" your thumb drive.
  
PolicyKit installs '''desktop-console.privilege''' in /etc/PolicyKit/privilege.d which is the file that [[HAL]] will reference to see if the user can preform a specific operation (mount, cpufreq, hibernate, poweroff, reboot, suspend, etc...). Other privileges that manipulate a local device are most likely going to require this privilege.
+
You then must upgrade your util-linux to the latest version or HAL automounting will fail with the following error <b>FAT: Unrecognized mount option "uhelper=hal" or missing value</b>. Instructions for building the latest version of util-linux can be found the development [http://cross-lfs.org/view/svn/ CLFS books].
  
There are a few ways to configure a privilege. You can allow anybody by setting '''Allow=uid:__all__''', a specific user by setting '''Allow=uid:username''', or a specific group by setting '''Allow=gid:groupname'''. The same applies for '''Deny'''.
+
= Contents =
  
The following command modifies the privilege file so that anyone in the '''users''' group is allowed to manipulate a local device:
+
{| style="text-align: left;"
 +
|-valign="top"
 +
! Installed Programs:
 +
| polkit-grant-privilege polkit-is-rivileged polkit-list-privileges polkit-revoke-privilege polkitd
 +
|-valign="top"
 +
! Installed Libraries:
 +
| libpolkit.{so,a,la} libpolkit-grant.{so,a,la} /lib/security/pam_polkit_console.{so,a,la}
 +
|-valign="top"
 +
! Installed Directories:
 +
| /etc/PolicyKit/privilege.d /var/run/polkit-console
 +
|}
  
sed -i "s/^Allow=.*/Allow=gid:users/" \
+
[[Category:General Utilities]]
    /etc/PolicyKit/privilege.d/desktop-console.privilege
 

Latest revision as of 05:53, 14 May 2010

Download Source: http://hal.freedesktop.org/releases/PolicyKit-0.9.tar.gz

Introduction to PolicyKit

PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it. It is used by HAL. Note that this is not compatible with later versions; see Polkit if you need such a version.

Project Homepage: http://www.freedesktop.org/wiki/Software/PolicyKit

Dependencies

Required

Optional

PolKit User/Group

groupadd -g 26 polkit &&
useradd -c "Policy Kit Daemon User" -d /dev/null \
        -u 26 -g polkit -s /bin/false polkit

Non-Multilib

Compile the package: 

./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib/PolicyKit --localstatedir=/var \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package 

make install

Multilib

32Bit

Compile the package: 

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib/PolicyKit --localstatedir=/var \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package 

make install

N32

Compile the package: 

CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib32/PolicyKit --localstatedir=/var \
    --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package 

make install

64Bit

Compile the package: 

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib64/PolicyKit --localstatedir=/var \
    --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package 

make install

Configuration

To allow HAL to automount removable drives such a thumbdrives, edit /etc/PolicyKit/PolicyKit.conf and add the following between the <config></config> tags: 

<match action="org.freedesktop.hal.storage.mount-removable">
    <return result="yes" />
</match>

Without this you will receive an error similar to org.freedesktop.Hal.Device.PermissionDeniedByPolicy: org.freedesktop.hal.storage.mount-removable no <--(action,result) when you "plug in" your thumb drive.

You then must upgrade your util-linux to the latest version or HAL automounting will fail with the following error FAT: Unrecognized mount option "uhelper=hal" or missing value. Instructions for building the latest version of util-linux can be found the development CLFS books.

Contents

Installed Programs: polkit-grant-privilege polkit-is-rivileged polkit-list-privileges polkit-revoke-privilege polkitd
Installed Libraries: libpolkit.{so,a,la} libpolkit-grant.{so,a,la} /lib/security/pam_polkit_console.{so,a,la}
Installed Directories: /etc/PolicyKit/privilege.d /var/run/polkit-console
Retrieved from "https://cblfs.clfs.org/index.php?title=PolicyKit&oldid=20198"