On 17/04/15 18:20, Rex Dieter wrote:
Roderick Johnstone wrote:
After reading up a bit on the policykit docs I have tried two things,
neither of which have worked:
1) Edited /usr/share/polkit-1/actions/org.freedesktop.login1.policy and
changed the line in the <action id="org.freedesktop.login1.reboot">
section from:
<allow_active>yes</allow_active>
to
<allow_active>no</allow_active>
ie expecting my test account to be disallowed from running the reboot
option.
I would have expected this to work too, but the policykit daemon may not
parse this initial config after startup (try rebooting after making the
change?)
Unfortunately, this will disallow *everyone* from rebooting, possibly
including root, so be careful.
This isn't the way to go though, see below.
2) Added a file: 52-org.freedesktop.login1.xray.rules to
/etc/polkit-1/rules.d/ which contains:
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.login1.reboot" &&
!subject.isInGroup("admin")) {
return polkit.Result.AUTH_ADMIN;
}
});
ie expecting my test account to be prompted for a root password in this
case.
In both cases my test account can just restart the system.
Right, you followed something like
https://ask.fedoraproject.org/en/question/35143/how-can-i-configure-polkit-policy/
by putting a snippet into /etc/polkit-1/rules.d/
Yes.
This is the prefered way to do it. Not sure why it didn't work for you,
maybe try configuring to deny access first and see if that works?
So, after some testing what I'm finding is that if I log into the KDE
session as my testing user and type reboot at a konsole prompt I get a
window inviting me to enter the root password.
This the the expected behaviour for how I have the system configured at
the moment, and I can change it if I alter my rule.
On the other hand, if I select reboot from the Application Launcher
Leave menu, it just reboots straight away.
Maybe the Leave menu items are using a different polkit action or
somehow bypassing polkit?
Any ideas?
Thanks.
Roderick
_______________________________________________
kde mailing list
kde@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kde
New to KDE4? - get help from http://userbase.kde.org