2009/5/20 David C. Rankin, J.D.,P.E. <drankinatty@xxxxxxxxxxxxxxxxxx>: > On or about Tuesday 19 May 2009 at approximately 03:33:03 bardo composed: >> 2009/5/18 David C. Rankin, J.D.,P.E. <drankinatty@xxxxxxxxxxxxxxxxxx>: >> > <match group="users"> >> > <return result="yes"/> >> > </match> >> >> I think this may be your problem. I searched some time ago and found >> out PolicyKit didn't support group matches. A quick look to the >> PolicyKit.conf(5) man page seems to confirm this is still the case. >> Now, I don't know if an invalid entry could invalidate the whole >> config, but it's worth a try. >> >> Corrado > > Corrado, > > You and I may be saying the same thing for two different circumstances. > Admin_auth certainly allows both user and group auths for actions (man 5 > PolicyKit.conf): > > define_admin_auth I wasn't saying you can't use "group" as an attribute for "define_admin_auth", I was saying you can't use it as an attribute for "match". So at least that rule won't work, I tried it before. Now, I don't know how PolicyKit deals with wrong parameters, but in the worst case it could treat the whole file as invalid, and that could be why your *other* rules don't work. I hope I made myself clearer this time :) Corrado
