You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 Other Issues » Policykit issues » 2018-04-25 14:49:35
- aardvark
- Replies: 1
In an effort to learn the policykit framework, I am trying to disallow any desktop user
in the group "desktop" from rebooting or shutdown. In spite of all configuration which
should accomplish this, any user in the desktop group is still able to reboot/shutdown.
I am running ascii_2.0.0-beta_amd64. Here are my configs:
C:\> cat /etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf
[Configuration]
AdminIdentities=unix-group:desktop
C:\> cat /etc/polkit-1/localauthority/50-local.d/70-org.example.pkla
[Disallowed Lusers]
Identity=unix-group:desktop
Action=org.freedesktop.consolekit.*
ResultAny=no
ResultInactive=no
ResultActive=no
C:\> cat /etc/polkit-1/rules.d/70-shutdown.rules
polkit.addRule(
function(action, subject) {
if (action.id == "org.freedesktop.consolekit.system.stop" && subject.isInGroup("desktop") ) {
return polkit.Result.NO;
}
}
});
C:\> cat /usr/share/polkit-1/actions/org.freedesktop.consolekit.policy
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<!--
Policy definitions for ConsoleKit
-->
<policyconfig>
<action id="org.freedesktop.consolekit.system.stop">
<description>Stop the system</description>
<message>System policy prevents stopping the system</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>no</allow_active>
</defaults>
</action>
<action id="org.freedesktop.consolekit.system.stop-multiple-users">
<description>Stop the system when multiple users are logged in</description>
<message>System policy prevents stopping the system when other users are logged in</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>no</allow_active>
</default>
</action>
<action id="org.freedesktop.consolekit.system.restart">
<description>Restart the system</description>
<message>System policy prevents restarting the system</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>no</allow_active>
</defaults>
</action>
<action id="org.freedesktop.consolekit.system.restart-multiple-users">
<description>Restart the system when multiple users are logged in</description>
<message>System policy prevents restarting the system when other users are logged in</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>no</allow_active>
</defaults>
</action>
</policyconfig>Maybe someone can tell me what I'm missing here ?
Thank you.
Pages: 1
Board footer
