Roderick Johnstone wrote:
> After reading up a bit on the policykit docs I have tried two things,
> neither of which have worked:
>
> 1) Edited /usr/share/polkit-1/actions/org.freedesktop.login1.policy and
> changed the line in the <action id="org.freedesktop.login1.reboot">
> section from:
> <allow_active>yes</allow_active>
> to
> <allow_active>no</allow_active>
>
> ie expecting my test account to be disallowed from running the reboot
> option.
I would have expected this to work too, but the policykit daemon may not
parse this initial config after startup (try rebooting after making the
change?)
Unfortunately, this will disallow *everyone* from rebooting, possibly
including root, so be careful.
This isn't the way to go though, see below.
> 2) Added a file: 52-org.freedesktop.login1.xray.rules to
> /etc/polkit-1/rules.d/ which contains:
> polkit.addRule(function(action, subject) {
> if (action.id == "org.freedesktop.login1.reboot" &&
> !subject.isInGroup("admin")) {
> return polkit.Result.AUTH_ADMIN;
> }
> });
>
> ie expecting my test account to be prompted for a root password in this
> case.
>
> In both cases my test account can just restart the system.
Right, you followed something like
https://ask.fedoraproject.org/en/question/35143/how-can-i-configure-polkit-policy/
by putting a snippet into /etc/polkit-1/rules.d/
This is the prefered way to do it. Not sure why it didn't work for you,
maybe try configuring to deny access first and see if that works?
-- Rex
_______________________________________________
kde mailing list
kde@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kde
New to KDE4? - get help from http://userbase.kde.org
