Manjaro Difference between revisions of "Manjaro Polkit Rules"

Difference between revisions of "Manjaro Polkit Rules"

From Manjaro
imported>Fhdk
(Marked this version for translation)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
== What is polkit? ==
<languages/>
__TOC__
<translate>
== What is polkit? == <!--T:1-->


<!--T:2-->
'''polkit''' is an authorization manager and helps the system to manage who is allowed to do a certain task.
'''polkit''' is an authorization manager and helps the system to manage who is allowed to do a certain task.


== What is polkit rules? ==
== What is polkit rules? == <!--T:3-->


<!--T:4-->
Rules are definitions of the relationship between an application, the user and the system.
Rules are definitions of the relationship between an application, the user and the system.


== 99-manjaro.rules ==
== 99-manjaro.rules == <!--T:5-->


<!--T:6-->
Manjaro adds some useful rules for actions which would otherwise require the user to authenticate for a given action. The rules added by Manjaro are rules covering where the convenience of the user versus the system security becomes blurred.
Manjaro adds some useful rules for actions which would otherwise require the user to authenticate for a given action. The rules added by Manjaro are rules covering where the convenience of the user versus the system security becomes blurred.


<!--T:7-->
Consider the following rules - all part of a ruleset installed on a default Manjaro system.
Consider the following rules - all part of a ruleset installed on a default Manjaro system.


<!--T:8-->
This first rule enables a user which is member of the administrative group '''wheel''' to handle disks and partitions without requiring the user to authenticate. This rule covers the usage of removable USB devices. Because of an overlap with the internal devices this rule '''also''' makes it possible for this administrative user to modify the system's internal devices.
This first rule enables a user which is member of the administrative group '''wheel''' to handle disks and partitions without requiring the user to authenticate. This rule covers the usage of removable USB devices. Because of an overlap with the internal devices this rule '''also''' makes it possible for this administrative user to modify the system's internal devices.


  polkit.addRule(function(action, subject) {
  <!--T:9-->
polkit.addRule(function(action, subject) {
     if (action.id.indexOf("org.freedesktop.udisks2.") == 0 && subject.isInGroup("wheel")) {
     if (action.id.indexOf("org.freedesktop.udisks2.") == 0 && subject.isInGroup("wheel")) {
         return polkit.Result.YES;
         return polkit.Result.YES;
Line 23: Line 32:
The second rule allows any user to control if the system should be shut down or restarted
The second rule allows any user to control if the system should be shut down or restarted


  polkit.addRule(function(action, subject) {
  <!--T:10-->
polkit.addRule(function(action, subject) {
     if (action.id == "org.freedesktop.login1.power-off" ||
     if (action.id == "org.freedesktop.login1.power-off" ||
         action.id == "org.freedesktop.login1.reboot" ||
         action.id == "org.freedesktop.login1.reboot" ||
Line 34: Line 44:
The third rule allows the upower daemon to hibernate or suspend the system
The third rule allows the upower daemon to hibernate or suspend the system


  polkit.addRule(function(action, subject) {
  <!--T:11-->
polkit.addRule(function(action, subject) {
     if (action.id == "org.freedesktop.upower.hibernate" ||
     if (action.id == "org.freedesktop.upower.hibernate" ||
         action.id == "org.freedesktop.upower.suspend") {
         action.id == "org.freedesktop.upower.suspend") {
Line 43: Line 54:
The fourth rule allows a member of the '''network''' group to use the bluetooth devices without authentication
The fourth rule allows a member of the '''network''' group to use the bluetooth devices without authentication


  /* Allow users of network group to use blueman feature requiring root without authentication */
  <!--T:12-->
/* Allow users of network group to use blueman feature requiring root without authentication */
  polkit.addRule(function(action, subject) {
  polkit.addRule(function(action, subject) {
     if ((action.id == "org.blueman.network.setup" ||
     if ((action.id == "org.blueman.network.setup" ||
Line 54: Line 66:
  });
  });


== Conclusion ==
== Conclusion == <!--T:13-->
Manjaro has added these rules to make the system easier - you could say less confusing - to the average user.
Manjaro has added these rules to make the system easier - you could say less confusing - to the average user.


<!--T:14-->
The rules is included in a file '''99-manjaro.rules''' which is installed/maintained using the package '''manjaro-hotfixes'''
The rules is included in a file '''99-manjaro.rules''' which is installed/maintained using the package '''manjaro-hotfixes'''


== See Also ==
== See Also == <!--T:15-->
[https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html polkit documentation]
[https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html polkit documentation]


 
</translate>
[[Category:Contents Page]]
[[Category:Contents Page{{#translation:}}]]


--Frede H. 14:02, 13 April 2020 (CEST)
--Frede H. 14:02, 13 April 2020 (CEST)

Latest revision as of 18:11, 7 September 2021

Other languages:
English • ‎Türkçe • ‎français • ‎русский

What is polkit?

polkit is an authorization manager and helps the system to manage who is allowed to do a certain task.

What is polkit rules?

Rules are definitions of the relationship between an application, the user and the system.

99-manjaro.rules

Manjaro adds some useful rules for actions which would otherwise require the user to authenticate for a given action. The rules added by Manjaro are rules covering where the convenience of the user versus the system security becomes blurred.

Consider the following rules - all part of a ruleset installed on a default Manjaro system.

This first rule enables a user which is member of the administrative group wheel to handle disks and partitions without requiring the user to authenticate. This rule covers the usage of removable USB devices. Because of an overlap with the internal devices this rule also makes it possible for this administrative user to modify the system's internal devices.

polkit.addRule(function(action, subject) {
    if (action.id.indexOf("org.freedesktop.udisks2.") == 0 && subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});

The second rule allows any user to control if the system should be shut down or restarted

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.login1.power-off" ||
        action.id == "org.freedesktop.login1.reboot" ||
        action.id == "org.freedesktop.login1.hibernate" ||
        action.id == "org.freedesktop.login1.suspend") {
        return polkit.Result.YES;
    }
});

The third rule allows the upower daemon to hibernate or suspend the system

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.upower.hibernate" ||
        action.id == "org.freedesktop.upower.suspend") {
        return polkit.Result.YES;
    }
});

The fourth rule allows a member of the network group to use the bluetooth devices without authentication

/* Allow users of network group to use blueman feature requiring root without authentication */
polkit.addRule(function(action, subject) {
    if ((action.id == "org.blueman.network.setup" ||
         action.id == "org.blueman.dhcp.client" ||
         action.id == "org.blueman.rfkill.setstate" ||
         action.id == "org.blueman.pppd.pppconnect") &&
        subject.isInGroup("network")) {
        return polkit.Result.YES;
    }
});

Conclusion

Manjaro has added these rules to make the system easier - you could say less confusing - to the average user.

The rules is included in a file 99-manjaro.rules which is installed/maintained using the package manjaro-hotfixes

See Also

polkit documentation

--Frede H. 14:02, 13 April 2020 (CEST)

Cookies help us deliver our services. By using our services, you agree to our use of cookies.