Re: polickit rules - what wrong
Brian writes:
> On Thu 20 Oct 2016 at 20:38:35 +0200, Ansgar Burchardt wrote:
>> Kamil Jońca writes:
>> > I try to make
>> > /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf
>> > which contains:
>> > polkit.addRule(function(action, subject) {
>> [ Javascript ]
>> > });
>> > but no effect.
>> > What do I wrong?
>>
>> Which version of policykit-1 do you have installed?
>>
>> In Debian, only the version from experimental (0.113) supports the
>> newer, JavaScript-using rules. 0.105 from stable/testing/unstable does
>> *not* support them, but uses an older format (which also lacks some
>> features).
>
> What features does the .pkla format lack?
>From the original mail:
+---
|if (action.id == "org.freedesktop.systemd1.manage-units") {
| if (action.lookup("unit") == "openvpn.service") {
| var verb = action.lookup("verb");
| if (verb == "start" || verb == "stop" || verb ==
"restart") {
+---
The .pkla files only have Action=xyz (equivalent to action.id == "..."),
but additional variables can be provided (action.lookup(...)) that the
old system cannot use (as far as I know).
In particular here systemd also provides the unit and verb so one can
allow a user to only start and stop the "openvpn.service" unit. The old
system could only allow managing all units (and all unit-actions).
Ansgar
Re: polickit rules - what wrong
On Thu 20 Oct 2016 at 20:38:35 +0200, Ansgar Burchardt wrote:
> Kamil Jońca writes:
> > I try to make
> > /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf
> > which contains:
> > polkit.addRule(function(action, subject) {
> [ Javascript ]
> > });
> > but no effect.
> > What do I wrong?
>
> Which version of policykit-1 do you have installed?
>
> In Debian, only the version from experimental (0.113) supports the
> newer, JavaScript-using rules. 0.105 from stable/testing/unstable does
> *not* support them, but uses an older format (which also lacks some
> features).
What features does the .pkla format lack?
--
Brian.
Re: polickit rules - what wrong
Hi,
Kamil Jońca writes:
> I try to make
> /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf
> which contains:
> polkit.addRule(function(action, subject) {
[ Javascript ]
> });
> but no effect.
> What do I wrong?
Which version of policykit-1 do you have installed?
In Debian, only the version from experimental (0.113) supports the
newer, JavaScript-using rules. 0.105 from stable/testing/unstable does
*not* support them, but uses an older format (which also lacks some
features).
Ansgar
Re: polickit rules - what wrong
On Thu 20 Oct 2016 at 19:05:27 +0200, Kamil Jońca wrote:
>
> I try to allow ordinary user to start/stop system service.
>
> I try to make
> /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf
> which contains:
> --8<---cut here---start->8---
> polkit.addRule(function(action, subject) {
>if (action.id == "org.freedesktop.systemd1.manage-units") {
> if (action.lookup("unit") == "openvpn.service") {
> var verb = action.lookup("verb");
> if (verb == "start" || verb == "stop" || verb ==
> "restart") {
> return
> polkit.Result.YES;
>
> }
>
> }
>
> }
> });
> --8<---cut here---end--->8---
> but no effect.
> What do I wrong?
Where did you get that script from?
--
Brian.
polickit rules - what wrong
I try to allow ordinary user to start/stop system service.
I try to make
/etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf
which contains:
--8<---cut here---start->8---
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units") {
if (action.lookup("unit") == "openvpn.service") {
var verb = action.lookup("verb");
if (verb == "start" || verb == "stop" || verb ==
"restart") {
return
polkit.Result.YES;
}
}
}
});
--8<---cut here---end--->8---
but no effect.
What do I wrong?
KJ
--
http://wolnelektury.pl/wesprzyj/teraz/
"Sęk w tym, że człowiek rozumny jest statystycznie głupi" - Stanisław Lem.
