On 10-12-17, Joe wrote: > On Sun, 10 Dec 2017 00:13:59 +0100 > Dejan Jocic <jode...@gmail.com> wrote: > > > > > > Man page for pklocalauthority is bit more helpful, but far from self > > explanatory. > > And not updated for Debian. > > > In its examples section, it provides some insight about > > writing .pkla files, but it does not show all possible options, or at > > least I can't be sure that it does. For example: > > > > [Exclude Some Problematic Users] > > Identity=unix-user:homer;unix-user:grimes > > Action=com.example.awesomeproduct.* > > ResultAny=no > > ResultInactive=no > > ResultActive=auth_admin > > > > According to that, and after reading man page for polkit, I can only > > deduct that .pkla file will for that example in that > > com.example.awesomeproduct.* files reads lines under defaults and > > "answer" on allow_any and allow_inactive with no value and on > > allow_active with auth_admin value. Fine, that can work. Guess that > > you can use wildecards for all users, like unix-user:*, but that is > > only guess, cause I can't see it documented anywhere ( might have > > missed it). What I also do not see anywhere is if those are the only > > options available? Or there is some man page, or additional > > documentation in Debian that can explain that? > > > More examples, and in fact, all the Debian policies, are *.policy > files and under /usr/share/polkit-1, as Brian pointed out. > > -- > Joe >
And all the files under /usr/share/polkiit-1 should listen to the local settings under /etc/polkit-1/localauthority/ so I do not understand what is your point? Thank you for your time, Dejan Or the man pages are totally wrong?