Am Samstag, den 17.10.2009, 21:40 -0400 schrieb Matthias Clasen: > On Sun, 2009-10-18 at 03:14 +0200, Christoph Wickert wrote: > > A couple of good questions, even if presented in a somewhat > passive-aggressive tone. Sorry about that, it wasn't meant to be aggressive in any way. Nevertheless I have to admit that I found David's "come up with a patch" attitude somewhat arrogant. I sure the manpage will not get better if people who don't understand the concept completely start adding "corrections". > > So what is the relationship between the .conf files > > in /etc/polkit-1/localauthority.conf.d and the .pkla files > > in /var/lib/polkit-1/? Do they coexist, does one overwrite the other or > > are they generated from the conf files? If so, by what program? > > The man page could certainly be clearer on this point. My understanding > is that files in /etc/polkit-1/localauthority.conf.d _can_ overwrite > each other (according to their ordering), but there is no overwriting > between configuration in /etc/polkit-1 and /var/lib/polkit-1. The first is clear, the latter IMHO not. > The files in /etc/polkit-1/localauthority.conf.d can only configure a > single aspect: which identities count as 'administrator'. This is done > with the key 'AdminIdentities'. Thanks for the clarification, I think this should be in the manapge somehow. > The .pkla files in the various /var/lib/polkit-1/localauthority/ > subdirectories can override each other (according to the ordering of the > directories). The contain authorization entries that modify the policy > for individual actions. As shown in the example in the man page. Yes, this is understandable from the current manpage. > > This is the first time .policy files are mentioned. Where are they and > > what is their purpose? > > .policy files live in /usr/share/polkit-1/actions. They are installed by > mechanisms that are using PolicyKit, to define the actions that they > want to be controlled by PolicyKit. See the section 'Declaring Actions' > in polkit(8). Maybe a reference to polkit(8) should be added here and not only at the bottom. > > We just learned that .pkla files live in /var/lib. So people are > > supposed to edit files in /var/lib that get overwritten on the next > > update? > > If you study the contents of the polkit package, you will find that all > the subdirectories below /var/lib/polkit-1/localauthority are empty. If > you create files there, they will not be overwritten by updates. I think the man page understandable by itself without looking at the filesystem or rpm database. > The /var/lib/polkit-1/localauthority/10-vendor.d directory is meant for > default policies provided by the vendor, and the polkit-desktop-policy > package installs its .pkla files there. Those will of course be > overwritten by updates. But they are not meant for editing, anyway. If > you need to tweak the policy, create your own .pkla file and put it e.g. > in /var/lib/polkit-1/localauthority/30-site.d. Understood, but this is not really following the fhs. .pkla files are config files, so shouldn't they be in /etc? Regards, Christoph -- Fedora-desktop-list mailing list Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
