On Fri, 2018-03-30 at 10:45 +0200, Michael Biebl wrote: > No current plans to upload the JavaScript/mozjs based version to > unstable.
Okay, so 1.05 is basically to stay in Debian. > > And how should one write/override rules for polkit in Debian? > You might have a look at > https://packages.ubuntu.com/search?keywords=policykit-desktop-privile > ges AFAIU, this is basically what's described in pklocalauthority(8), right? E.g. I could do something like [Foo bar baz] Identity=unix-user:* Action=org.freedesktop.udisks2.* ResultAny=auth_admin ResultInactive=auth_admin ResultActive=auth_admin but then I'll really force every user (including root) to that. I assume there's no way to keep things for root as they are (i.e. root not needing to enter the password). Would be nice if there was something like: Identity=!unix-user:0 so that I force only non-root users to enter the password. I've noted the following possibly unclear things in pklocalauthority(8): a) In "ADMINISTRATOR AUTHENTICATION" it says "later files can override earlier ones", so 60-*.conf could be used to override 50- localauthority.conf. But it seems that there is rather some merging going on, e.g. Debian has: /etc/polkit-1/localauthority.conf.d/50-localauthority.conf /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf And the AdminIdentities= of the later is apparently rather added to that of the former. Maybe the overriding happens just at unix-user: and unix-group: level. b) The description of Identity doesn't really tell whether multiple identities are ORed or ANDed. c) There is no real description which globs are actually supported... probably just "*" but there are globbing syntaxes which offer "!" and similar. All not really an issue for me, just in case someone would want to clarify up the documentation :) But for the following it would be helpful if someone could explain how it works: d) I could nowhere find anything (neither for the .policy files) what happens if ResultAny AND ResultInactive or ResultActive are given... i.e. who wins if ResultAny says No, but ResultActive says Yes when the session is Active? The manpages do also not really explain what's all active/inactive... some websites seem to think Any is just the default if neither Inactive/Active are given... some imply that it's more when a session is neither active nor inactive, i.e. like anonymous access. e)There's /usr/share/polkit-1/rules.d/ and /etc/polkit-1/rules.d/ and a number of packages place .rules files (at least in the former). I assume these are for the post-105 versions and are completely ignored in Debian? That was a bit confusing, so perhaps one could add a README to these dirs explaining that :) Thanks for your help :) Chris. _______________________________________________ Pkg-utopia-maintainers mailing list Pkg-utopia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-utopia-maintainers