On Sun, 2009-10-18 at 03:14 +0200, Christoph Wickert wrote: A couple of good questions, even if presented in a somewhat passive-aggressive tone. > > So what is the relationship between the .conf files > in /etc/polkit-1/localauthority.conf.d and the .pkla files > in /var/lib/polkit-1/? Do they coexist, does one overwrite the other or > are they generated from the conf files? If so, by what program? The man page could certainly be clearer on this point. My understanding is that files in /etc/polkit-1/localauthority.conf.d _can_ overwrite each other (according to their ordering), but there is no overwriting between configuration in /etc/polkit-1 and /var/lib/polkit-1. The files in /etc/polkit-1/localauthority.conf.d can only configure a single aspect: which identities count as 'administrator'. This is done with the key 'AdminIdentities'. The .pkla files in the various /var/lib/polkit-1/localauthority/ subdirectories can override each other (according to the ordering of the directories). The contain authorization entries that modify the policy for individual actions. As shown in the example in the man page. > This is the first time .policy files are mentioned. Where are they and > what is their purpose? .policy files live in /usr/share/polkit-1/actions. They are installed by mechanisms that are using PolicyKit, to define the actions that they want to be controlled by PolicyKit. See the section 'Declaring Actions' in polkit(8). > We just learned that .pkla files live in /var/lib. So people are > supposed to edit files in /var/lib that get overwritten on the next > update? If you study the contents of the polkit package, you will find that all the subdirectories below /var/lib/polkit-1/localauthority are empty. If you create files there, they will not be overwritten by updates. The /var/lib/polkit-1/localauthority/10-vendor.d directory is meant for default policies provided by the vendor, and the polkit-desktop-policy package installs its .pkla files there. Those will of course be overwritten by updates. But they are not meant for editing, anyway. If you need to tweak the policy, create your own .pkla file and put it e.g. in /var/lib/polkit-1/localauthority/30-site.d. Matthias -- Fedora-desktop-list mailing list Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
