Re: polickit rules - what wrong
Brian writes: > On Thu 20 Oct 2016 at 20:38:35 +0200, Ansgar Burchardt wrote: >> Kamil Jońca writes: >> > I try to make >> > /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf >> > which contains: >> > polkit.addRule(function(action, subject) { >> [ Javascript ] >> > }); >> > but no effect. >> > What do I wrong? >> >> Which version of policykit-1 do you have installed? >> >> In Debian, only the version from experimental (0.113) supports the >> newer, JavaScript-using rules. 0.105 from stable/testing/unstable does >> *not* support them, but uses an older format (which also lacks some >> features). > > What features does the .pkla format lack? >From the original mail: +--- |if (action.id == "org.freedesktop.systemd1.manage-units") { | if (action.lookup("unit") == "openvpn.service") { | var verb = action.lookup("verb"); | if (verb == "start" || verb == "stop" || verb == "restart") { +--- The .pkla files only have Action=xyz (equivalent to action.id == "..."), but additional variables can be provided (action.lookup(...)) that the old system cannot use (as far as I know). In particular here systemd also provides the unit and verb so one can allow a user to only start and stop the "openvpn.service" unit. The old system could only allow managing all units (and all unit-actions). Ansgar
Re: polickit rules - what wrong
On Thu 20 Oct 2016 at 20:38:35 +0200, Ansgar Burchardt wrote: > Kamil Jońca writes: > > I try to make > > /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf > > which contains: > > polkit.addRule(function(action, subject) { > [ Javascript ] > > }); > > but no effect. > > What do I wrong? > > Which version of policykit-1 do you have installed? > > In Debian, only the version from experimental (0.113) supports the > newer, JavaScript-using rules. 0.105 from stable/testing/unstable does > *not* support them, but uses an older format (which also lacks some > features). What features does the .pkla format lack? -- Brian.
Re: polickit rules - what wrong
Hi, Kamil Jońca writes: > I try to make > /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf > which contains: > polkit.addRule(function(action, subject) { [ Javascript ] > }); > but no effect. > What do I wrong? Which version of policykit-1 do you have installed? In Debian, only the version from experimental (0.113) supports the newer, JavaScript-using rules. 0.105 from stable/testing/unstable does *not* support them, but uses an older format (which also lacks some features). Ansgar
Re: polickit rules - what wrong
On Thu 20 Oct 2016 at 19:05:27 +0200, Kamil Jońca wrote: > > I try to allow ordinary user to start/stop system service. > > I try to make > /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf > which contains: > --8<---cut here---start->8--- > polkit.addRule(function(action, subject) { >if (action.id == "org.freedesktop.systemd1.manage-units") { > if (action.lookup("unit") == "openvpn.service") { > var verb = action.lookup("verb"); > if (verb == "start" || verb == "stop" || verb == > "restart") { > return > polkit.Result.YES; > > } > > } > > } > }); > --8<---cut here---end--->8--- > but no effect. > What do I wrong? Where did you get that script from? -- Brian.
polickit rules - what wrong
I try to allow ordinary user to start/stop system service. I try to make /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf which contains: --8<---cut here---start->8--- polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.systemd1.manage-units") { if (action.lookup("unit") == "openvpn.service") { var verb = action.lookup("verb"); if (verb == "start" || verb == "stop" || verb == "restart") { return polkit.Result.YES; } } } }); --8<---cut here---end--->8--- but no effect. What do I wrong? KJ -- http://wolnelektury.pl/wesprzyj/teraz/ "Sęk w tym, że człowiek rozumny jest statystycznie głupi" - Stanisław Lem.