On 2018-04-08 20:00, Brian wrote: > On Sun 08 Apr 2018 at 18:50:50 +0200, Mikhail Morfikov wrote: > > [...] >> I've seen that people use something similar to the following rule: >> ----------------------------------------- >> /etc/polkit-1/localauthority/50-local.d/20-udisks2.pkla >> ----------------------------------------- >> [Allow morfik to mount devices] >> Identity=unix-user:morfik; >> Action=org.freedesktop.udisks2.*; >> ResultAny=no >> ResultInactive=no >> ResultActive=yes >> ----------------------------------------- >> And this is a little bit better than the previous solution because it gives >> me >> the ability to specify users/groups , and only the parties can do some >> actions, >> like for instance mounting a device (to be viewed via pkaction). The problem >> here is that I can't choose which devices should be accessed by the identity >> -- >> I'm able only to set which actions can be allowed. >> >> In the polkit manual[1], there's an example that would do exactly what I >> want. >> I'm speaking about this: >> ---------------------------------------------------------------------- >> polkit.addRule(function(action, subject) { >> if (action.id.indexOf("org.freedesktop.udisks2.") == 0 && >> action.lookup("drive.vendor") == "SEAGATE" && >> action.lookup("drive.model") == "ST3300657SS" && >> subject.isInGroup("engineers")) { >> return polkit.Result.YES; >> } >> } >> }); >> ---------------------------------------------------------------------- >> I bet there's also probably something like: >> action.lookup("drive.serial") >> but I don't really know how to get those values yet. >> >> Anyways, I don't think the above rule can be used with the polkit version >> that's >> currently in Debian, which is 0.105 . That rule can be used when you deal >> with >> 0.106+ , and 0.113 is available in the experimental branch, but >> unfortunately it >> can't be installed due to dependencies problems. >> >> Is there a way to convert that rule somewhat or is this functionality >> specific >> to the polkit v0.106+? Or maybe is there another way to achieve what I want? > > Converting from the JavaScript to the old style? Probably not. Converting > the other way? Maybe. > > https://lists.debian.org/debian-user/2016/01/msg00209.html > I think I need the newer polkit version.
signature.asc
Description: OpenPGP digital signature