-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
-<!-- Policy definitions for core PolicyKit actions. Copyright (c) 2008 Red Hat, Inc. -->
+<!-- Policy definitions for core polkit actions. Copyright (c) 2008-2012 Red Hat, Inc. -->
<policyconfig>
- <vendor>The PolicyKit Project</vendor>
- <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
+ <vendor>The polkit project</vendor>
+ <vendor_url>http://www.freedesktop.org/wiki/Software/polkit/</vendor_url>
<action id="org.freedesktop.policykit.exec">
- <_description>Run programs as another user</_description>
+ <_description>Run a program as another user</_description>
<_message>Authentication is required to run a program as another user</_message>
<defaults>
<allow_any>auth_admin</allow_any>
</defaults>
</action>
- <action id="org.freedesktop.policykit.lockdown">
- <_description>Configure lock down for an action</_description>
- <_message>Authentication is required to configure lock down policy</_message>
- <defaults>
- <allow_any>no</allow_any>
- <allow_inactive>no</allow_inactive>
- <allow_active>auth_admin</allow_active>
- </defaults>
- <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pklalockdown</annotate>
- </action>
</policyconfig>
<refsect1 id="pkexec-security-notes"><title>SECURITY NOTES</title>
<para>
Executing a program as another user is a privileged
- operation. By default the required authorization (See
- <xref linkend="pkexec-required-authz"/>) requires administrator
+ operation. By default the action to check for (see
+ <xref linkend="pkexec-action"/>) requires administrator
authentication. In addition, the authentication dialog presented
to the user will display the full path to the program to be
executed so the user is aware of what will happen.
</para>
</refsect1>
- <refsect1 id="pkexec-required-authz"><title>REQUIRED AUTHORIZATIONS</title>
+ <refsect1 id="pkexec-action"><title>ACTION AND AUTHORIZATIONS</title>
<para>
By default, the
<emphasis>org.freedesktop.policykit.exec</emphasis> action is
annotation on an action with the value set to the full path of
the program. In addition to specifying the program, the
authentication message, description, icon and defaults can be
- specified. The strings <literal>$(user)</literal>,
- <literal>$(program)</literal> and
- <literal>$(command_line)</literal> in the message will be
- expanded, see <xref linkend="pkexec-variables"/>.
+ specified.
+ </para>
+ <para>
+ Note that authentication messages may reference variables (see
+ <xref linkend="pkexec-variables"/>), for example
+ <literal>$(user)</literal> will be expanded to the value of the
+ <literal>user</literal> variable.
</para>
</refsect1>
</listitem>
</varlistentry>
<varlistentry>
- <term><emphasis>user_full</emphasis></term>
+ <term><emphasis>user.gecos</emphasis></term>
<listitem>
<para>
The full name of the user to execute the program as.
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><emphasis>user.display</emphasis></term>
+ <listitem>
+ <para>
+ A representation of the user to execute the program as
+ that is suitable for display in an authentication dialog.
+ Is typically set to a combination of the user name and the
+ full name.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
<literal>polkit</literal> object (of type <type>Polkit</type>).
</para>
- <refsect2 id="polkit-rules-actions">
+ <refsect2 id="polkit-rules-polkit">
<title>The <type>Polkit</type> type</title>
<para>
});
]]></programlisting>
<para>
- will produce the following when the user runs 'pkexec bash -i' from a shelll:
+ will produce the following when the user runs 'pkexec -u bateman bash -i' from a shell:
</para>
<programlisting><![CDATA[
-May 24 14:28:50 thinkpad polkitd[32217]: /etc/polkit-1/rules.d/10-test.rules:3: action=[Action id='org.freedesktop.policykit.exec' command_line='/usr/bin/bash -i' program='/usr/bin/bash' user_full='root (root)' user='root']
+May 24 14:28:50 thinkpad polkitd[32217]: /etc/polkit-1/rules.d/10-test.rules:3: action=[Action id='org.freedesktop.policykit.exec' command_line='/usr/bin/bash -i' program='/usr/bin/bash' user='bateman' user.gecos='Patrick Bateman' user.display='Patrick Bateman (bateman)']
May 24 14:28:50 thinkpad polkitd[32217]: /etc/polkit-1/rules.d/10-test.rules:4: subject=[Subject pid=1352 user='davidz' groups=davidz,wheel, seat='seat0' session='1' local=true active=true]
]]></programlisting>
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
<policyconfig>
- <vendor>Examples for the PolicyKit Project</vendor>
- <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
+ <vendor>Examples for the polkit project</vendor>
+ <vendor_url>http://www.freedesktop.org/wiki/Software/polkit/</vendor_url>
<action id="org.freedesktop.policykit.example.pkexec.run-frobnicate">
- <_description>Run the PolicyKit example program Frobnicate</_description>
- <_message>Authentication is required to run the PolicyKit example program Frobnicate (user=$(user), program=$(program), command_line=$(command_line))</_message>
+ <_description>Run the polkit example program Frobnicate</_description>
+ <_message>Authentication is required to run the polkit example program Frobnicate (user=$(user), user.gecos=$(user.gecos), user.display=$(user.display), program=$(program), command_line=$(command_line))</_message>
<icon_name>audio-x-generic</icon_name> <!-- just an example -->
<defaults>
<allow_any>no</allow_any>
details = polkit_details_new ();
polkit_details_insert (details, "user", pw->pw_name);
+ if (pw->pw_gecos != NULL)
+ polkit_details_insert (details, "user.gecos", pw->pw_gecos);
if (pw->pw_gecos != NULL && strlen (pw->pw_gecos) > 0)
s = g_strdup_printf ("%s (%s)", pw->pw_gecos, pw->pw_name);
else
s = g_strdup_printf ("%s", pw->pw_name);
- polkit_details_insert (details, "user_full", s);
+ polkit_details_insert (details, "user.display", s);
g_free (s);
polkit_details_insert (details, "program", path);
polkit_details_insert (details, "command_line", command_line);
* be expanded to the path of the program e.g. "/bin/bash" and the latter
* to the user e.g. "John Doe (johndoe)" or "johndoe".
*/
- N_("Authentication is needed to run `$(program)' as user $(user)"));
+ N_("Authentication is needed to run `$(program)' as user $(user.display)"));
}
}
polkit_details_insert (details, "polkit.gettext_domain", GETTEXT_PACKAGE);
projects / platform / upstream / polkit.git / commitdiff