Difference between revisions of "PolicyKit"
| Line 88: | Line 88: | ||
There is no pre-made bootscript for PolicyKit at this time. The daemon is at '''/usr/sbin/polkitd''' and it needs to start after [[DBUS]] but before [[HAL]]. | There is no pre-made bootscript for PolicyKit at this time. The daemon is at '''/usr/sbin/polkitd''' and it needs to start after [[DBUS]] but before [[HAL]]. | ||
| + | |||
| + | == Privileges == | ||
| + | |||
| + | PolicyKit installs '''desktop-console.privilege''' in /etc/PolicyKit/privilege.d which is the file that [[HAL]] will reference to see if the user can preform a specific operation (mount, cpufreq, hibernate, poweroff, reboot, suspend, etc...). Other privileges that manipulate a local device are most likely going to require this privilege. | ||
| + | |||
| + | There are a few ways to configure a privilege. You can allow anybody by setting '''Allow=uid:__all__''', a specific user by setting '''Allow=uid:username''', or a specific group by setting '''Allow=gid:groupname'''. The same applies for '''Deny'''. | ||
| + | |||
| + | The following command modifies the privilege file so that anyone in the '''users''' group is allowed to manipulate a local device. | ||
| + | |||
| + | sed "s/^Allow=.*/Allow=gid:users/" /etc/PolicyKit/privilege.d/desktop-console.privilege | ||
Revision as of 19:33, 28 October 2006
| Download Source: | (Not Released Yet) |
|---|
Contents
Dependencies
Required
Optional
PolKit User/Group
groupadd -g 17 polkit &&
useradd -c "Policy Kit Daemon User" -d /dev/null \
-u 17 -g polkit -s /bin/false polkit
Getting the source
Check out the source from freedesktop.org:
git clone git://anongit.freedesktop.org/git/PolicyKit
It couldn't hurt to make a tarball so you have an unmodified source around for the future:
tar cvjf PolicyKit{.tar.bz2,}
Non-Multilib
Compile the package:
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var && make
Install the package
make install
Multilib
32Bit
Compile the package:
CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var &&
make
Install the package
make install
N32
Compile the package:
CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
--libdir=/usr/lib32 --with-pam-module-dir=/lib32/security &&
make
Install the package
make install
64Bit
Compile the package:
CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
--libdir=/usr/lib64 --with-pam-module-dir=/lib64/security &&
make
Install the package
make install
Configuration
Bootscript
There is no pre-made bootscript for PolicyKit at this time. The daemon is at /usr/sbin/polkitd and it needs to start after DBUS but before HAL.
Privileges
PolicyKit installs desktop-console.privilege in /etc/PolicyKit/privilege.d which is the file that HAL will reference to see if the user can preform a specific operation (mount, cpufreq, hibernate, poweroff, reboot, suspend, etc...). Other privileges that manipulate a local device are most likely going to require this privilege.
There are a few ways to configure a privilege. You can allow anybody by setting Allow=uid:__all__, a specific user by setting Allow=uid:username, or a specific group by setting Allow=gid:groupname. The same applies for Deny.
The following command modifies the privilege file so that anyone in the users group is allowed to manipulate a local device.
sed "s/^Allow=.*/Allow=gid:users/" /etc/PolicyKit/privilege.d/desktop-console.privilege
