As I discussed earlier in my rant thread, PolicyKit has been replaced
with PolicyKit-1, but there is now no gui to configure any of the policies.
It was easy enough to find the /usr/share/polikit-1 folder and I can
modify the entries there to change the deault policies to my heart's
content, but I can't figure out how grant access to a specific user.
For a real world example, suppose I want to give my primary user
permission to use sound devices, whether or not I'm currently the active
console user. (This is something I did in Jaunty so music would keep on
playing even though I'm logging in to another system remotely on a
second x session.)
I can't even find in what file that setting is stored in the old
policykit, let alone how to transfer it to policykit-1
Re: Karmic PolicyKit-1, grant access to user
Re: Karmic PolicyKit-1, grant access to user
Thanks Nikita, but unfortunately, it's not so easy.
After I had found the details for creating the local-authority files, it
turns out that permission to devices has been removed from policykit and
the job now rests directly with udev. Specifically, udev rules file
70-acl.rules, which works with consolekit to give acl permission to some
devices to teh active console user.
Re: Karmic PolicyKit-1, grant access to user
Getting closer:
I found the appropriate documentaion here:
http://hal.freedesktop.org/docs/polkit/pklocalauthority.8.html
And can now control such things as power suspend and hibernate.
However, I can not find how Ubuntu now configures device access. This
used to be done by the old policykit, but can not find any polikit-1
"action" that would give me direct access to devices. However, if I
getfacl devices like sr0 and audio, something is granting rw to the user
of the active console. Any suggestions as to where to look for this
configuration would be welcome.
Re: Karmic PolicyKit-1, grant access to user [solved]
Device access permissions have been removed from policykit altogether,
and are now managed directed from udev. Devices for which console users
are given rw are defined in /lib/udev/rules.d/70-acl.rules
It's easy enough to comment out a device class, and your back to the old
fashioned group based permissions.
Unfortunately, editing this file directly is 'bad' because your edits
won't persist updates, and I couldn't figure out how to interject a user
defined file that would have the same effect.
Regardless, I've figured out how to work around most of the missing
configuration utilities that were destroyed in the move to Karmic, and
it only took 1 bottle of scotch.
Re: Karmic PolicyKit-1, grant access to user [not-solved]
Except that the audio group doesn't work.. When Rythmbox is playing, if
you switch VT to a different user, it looses permission to whatever
device is being used to output sound.... must be a device not getting
the right group permissions.
Re: Karmic PolicyKit-1, grant access to user
None of the following is to imply that I have any clue about policykit-1
(yet) :-)
$ sudo apt-get install policykit-1-doc
These also might be of help/interest:
https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/448192
[note comment 6]
https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/448810
[note comments 8 & 12]
http://ubuntuforums.org/showthread.php?t=1308528
/usr/share/polkit-1/actions seems to be the key, but I reckon will take
some time to figure out until a gui like the old policykit-gnome comes
along.
$ pkaction will list registered PolicyKit actions (see man pkaction).
Re: Karmic PolicyKit-1, grant access to user
Yup, I got the pkaction list, and was able to customize those actions,
works a treat.. but I can't figure out which action, if any, gives
direct access to devices.... .I'm starting to think that was moved out
of policykit, and is maybe somewhere lower level in consolekit.... arrrgh.
And no help from Fedora in this case either.. they haven't jumped ship
yet.. (smart buggers)
Re: Karmic PolicyKit-1, grant access to user
See the "Yup, Karmic is somewhat of a disaster" thread?
$ sudo apt-get install policykit-gnome
$ sudo update-menus
System|Administration|Authorizations
Re: Karmic PolicyKit-1, grant access to user
heh, you need to keep up with the thread a bit yourself :) been there,
done that.