On 25 October 2013 11:22, Peter Lemenkov <lemenkov@xxxxxxxxx> wrote:
> Hello All!
>
> I'm trying to write a polkit rule which allows every member of a
> particular group ("ejabberd") to run a specific script
> ("/sbin/ejabberdctl" or "/usr/sbin/ejabberdctl"). Other users should
> not be even able to run it. This sounds simple, so I quickly wrote
> this:
>
> http://peter.fedorapeople.org/stuff/ejabberdctl.polkit.rules
>

I am not an expert on JavaScript or polkit, but IINM the second if rule
has wrong syntax, it should be:

    if (subject.isInGroup("ejabberd")) {
        return polkit.Result.YES;
    }

also, it doesn't need an else bit.

I think you can merge the second if with the first one:

    polkit.addRule(function(action, subject) {
        // command_line is only set for pkexec actions; fall back to an
        // empty string so split() is never called on undefined.
        var CommandLine = (action.lookup("command_line") || "").split(" ");
        if (action.id == "org.freedesktop.policykit.exec" &&
            (CommandLine[0] == "/sbin/ejabberdctl" ||
             CommandLine[0] == "/usr/sbin/ejabberdctl") &&
            subject.isInGroup("ejabberd")) {
            return polkit.Result.YES;
        }
    });

(I could be very wrong though).

> I installed it to %{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules,
> and added /usr/bin/ejabberdctl which contains just the following:
>
> =======
> #!/bin/sh
> /usr/bin/pkexec /usr/sbin/ejabberdctl "$@"
> =======
>
> So when user types ejabberdctl it actually runs /usr/sbin/ejabberdctl
> under the polkit supervision. Unfortunately people started reporting
> about the issues with the other apps:
>
> * https://bugzilla.redhat.com/show_bug.cgi?id=1009408
>
> I can't find what's wrong with the rule above so I'm calling you for
> help. Could someone please help me fix this mess?
> --
> With best regards, Peter Lemenkov.
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

--
Ahmad Samir
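
Added example, not part of the original thread and not polkit's own code: a small stand-in for the rule environment that runs a guarded version of the rule discussed above against constructed actions, including one that carries no command_line. The harness names (makeAction, makeSubject, evaluate, ALLOWED) and the sample users are hypothetical, and it assumes lookup() yields undefined for a key the action does not carry.

```javascript
// Minimal stand-in for polkitd's rule environment (hypothetical harness).
const polkit = {
  Result: { YES: "yes", NOT_HANDLED: null },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
};

// Assumption: lookup() yields undefined when the action lacks the key.
function makeAction(id, details = {}) {
  return { id, lookup: (key) => details[key] };
}
function makeSubject(user, groups) {
  return { user, isInGroup: (g) => groups.includes(g) };
}

const ALLOWED = ["/sbin/ejabberdctl", "/usr/sbin/ejabberdctl"];

polkit.addRule(function (action, subject) {
  // Decline every non-pkexec action before touching pkexec-only details.
  if (action.id !== "org.freedesktop.policykit.exec") return polkit.Result.NOT_HANDLED;
  const commandLine = action.lookup("command_line");
  if (typeof commandLine !== "string") return polkit.Result.NOT_HANDLED;
  const program = commandLine.split(" ")[0];
  if (ALLOWED.includes(program) && subject.isInGroup("ejabberd")) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED; // leave the decision to later rules/defaults
});

// Run rules in order; first non-null result wins, exceptions are reported.
function evaluate(action, subject) {
  try {
    for (const rule of polkit._rules) {
      const result = rule(action, subject);
      if (result) return result;
    }
    return "not-handled";
  } catch (err) {
    return "error: " + err.name;
  }
}

// Constructed sample subjects and actions.
const member = makeSubject("alice", ["ejabberd"]);
const outsider = makeSubject("bob", ["users"]);
const pkexec = (cmd) => makeAction("org.freedesktop.policykit.exec", { command_line: cmd });
const mount = makeAction("org.freedesktop.udisks2.filesystem-mount");

console.log(evaluate(pkexec("/usr/sbin/ejabberdctl status"), member), evaluate(mount, member));
```

A "not-handled" result means the rule took no decision, so whatever later rules or the action's default policy say still applies to that request.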