FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 11-10-2009, 01:30 AM
Rashkae
 
Default Karmic PolicyKit-1, grant access to user

As I discussed earlier in my rant thread, PolicyKit has been replaced
with PolicyKit-1, but there is now no gui to configure any of the policies.

It was easy enough to find the /usr/share/polikit-1 folder and I can
modify the entries there to change the deault policies to my heart's
content, but I can't figure out how grant access to a specific user.

For a real world example, suppose I want to give my primary user
permission to use sound devices, whether or not I'm currently the active
console user. (This is something I did in Jaunty so music would keep on
playing even though I'm logging in to another system remotely on a
second x session.)

I can't even find in what file that setting is stored in the old
policykit, let alone how to transfer it to policykit-1


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2009, 02:24 AM
NoOp
 
Default Karmic PolicyKit-1, grant access to user

On 11/09/2009 06:30 PM, Rashkae wrote:
> As I discussed earlier in my rant thread, PolicyKit has been replaced
> with PolicyKit-1, but there is now no gui to configure any of the policies.
>
> It was easy enough to find the /usr/share/polikit-1 folder and I can
> modify the entries there to change the deault policies to my heart's
> content, but I can't figure out how grant access to a specific user.
>
> For a real world example, suppose I want to give my primary user
> permission to use sound devices, whether or not I'm currently the active
> console user. (This is something I did in Jaunty so music would keep on
> playing even though I'm logging in to another system remotely on a
> second x session.)
>
> I can't even find in what file that setting is stored in the old
> policykit, let alone how to transfer it to policykit-1
>
>

See the "Yup, Karmic is somewhat of a disaster" thread?

$ sudo apt-get install policykit-gnome
$ sudo update-menus
System|Administration|Authorizations



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2009, 02:36 AM
Rashkae
 
Default Karmic PolicyKit-1, grant access to user

NoOp wrote:
> On 11/09/2009 06:30 PM, Rashkae wrote:
>> As I discussed earlier in my rant thread, PolicyKit has been replaced
>> with PolicyKit-1, but there is now no gui to configure any of the policies.
>>
>> It was easy enough to find the /usr/share/polikit-1 folder and I can
>> modify the entries there to change the deault policies to my heart's
>> content, but I can't figure out how grant access to a specific user.
>>
>> For a real world example, suppose I want to give my primary user
>> permission to use sound devices, whether or not I'm currently the active
>> console user. (This is something I did in Jaunty so music would keep on
>> playing even though I'm logging in to another system remotely on a
>> second x session.)
>>
>> I can't even find in what file that setting is stored in the old
>> policykit, let alone how to transfer it to policykit-1
>>
>>
>
> See the "Yup, Karmic is somewhat of a disaster" thread?
>
> $ sudo apt-get install policykit-gnome
> $ sudo update-menus
> System|Administration|Authorizations
>

heh, you need to keep up with the thread a bit yourself been there,
done that.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2009, 02:02 PM
Rashkae
 
Default Karmic PolicyKit-1, grant access to user

Rashkae wrote:
> As I discussed earlier in my rant thread, PolicyKit has been replaced
> with PolicyKit-1, but there is now no gui to configure any of the policies.
>
> It was easy enough to find the /usr/share/polikit-1 folder and I can
> modify the entries there to change the deault policies to my heart's
> content, but I can't figure out how grant access to a specific user.
>
> For a real world example, suppose I want to give my primary user
> permission to use sound devices, whether or not I'm currently the active
> console user. (This is something I did in Jaunty so music would keep on
> playing even though I'm logging in to another system remotely on a
> second x session.)
>
> I can't even find in what file that setting is stored in the old
> policykit, let alone how to transfer it to policykit-1
>
>


Getting closer:

I found the appropriate documentaion here:

http://hal.freedesktop.org/docs/polkit/pklocalauthority.8.html

And can now control such things as power suspend and hibernate.

However, I can not find how Ubuntu now configures device access. This
used to be done by the old policykit, but can not find any polikit-1
"action" that would give me direct access to devices. However, if I
getfacl devices like sr0 and audio, something is granting rw to the user
of the active console. Any suggestions as to where to look for this
configuration would be welcome.




--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2009, 05:33 PM
NoOp
 
Default Karmic PolicyKit-1, grant access to user

On 11/10/2009 07:02 AM, Rashkae wrote:
> Rashkae wrote:
>> As I discussed earlier in my rant thread, PolicyKit has been replaced
>> with PolicyKit-1, but there is now no gui to configure any of the policies.
>>
>> It was easy enough to find the /usr/share/polikit-1 folder and I can
>> modify the entries there to change the deault policies to my heart's
>> content, but I can't figure out how grant access to a specific user.
>>
>> For a real world example, suppose I want to give my primary user
>> permission to use sound devices, whether or not I'm currently the active
>> console user. (This is something I did in Jaunty so music would keep on
>> playing even though I'm logging in to another system remotely on a
>> second x session.)
>>
>> I can't even find in what file that setting is stored in the old
>> policykit, let alone how to transfer it to policykit-1
>>
>>
>
>
> Getting closer:
>
> I found the appropriate documentaion here:
>
> http://hal.freedesktop.org/docs/polkit/pklocalauthority.8.html
>
> And can now control such things as power suspend and hibernate.
>
> However, I can not find how Ubuntu now configures device access. This
> used to be done by the old policykit, but can not find any polikit-1
> "action" that would give me direct access to devices. However, if I
> getfacl devices like sr0 and audio, something is granting rw to the user
> of the active console. Any suggestions as to where to look for this
> configuration would be welcome.

None of the following is to imply that I have any clue about policykit-1
(yet) :-)

$ sudo apt-get install policykit-1-doc

These also might be of help/interest:
https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/448192
[note comment 6]
https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/448810
[note comments 8 & 12]
http://ubuntuforums.org/showthread.php?t=1308528

/usr/share/polkit-1/actions seems to be the key, but I reckon will take
some time to figure out until a gui like the old policykit-gnome comes
along.

$ pkaction will list registered PolicyKit actions (see man pkaction).


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2009, 05:46 PM
Rashkae
 
Default Karmic PolicyKit-1, grant access to user

NoOp wrote:
> On 11/10/2009 07:02 AM, Rashkae wrote:
>> Rashkae wrote:
>>> As I discussed earlier in my rant thread, PolicyKit has been replaced
>>> with PolicyKit-1, but there is now no gui to configure any of the policies.
>>>
>>> It was easy enough to find the /usr/share/polikit-1 folder and I can
>>> modify the entries there to change the deault policies to my heart's
>>> content, but I can't figure out how grant access to a specific user.
>>>
>>> For a real world example, suppose I want to give my primary user
>>> permission to use sound devices, whether or not I'm currently the active
>>> console user. (This is something I did in Jaunty so music would keep on
>>> playing even though I'm logging in to another system remotely on a
>>> second x session.)
>>>
>>> I can't even find in what file that setting is stored in the old
>>> policykit, let alone how to transfer it to policykit-1
>>>
>>>
>>
>> Getting closer:
>>
>> I found the appropriate documentaion here:
>>
>> http://hal.freedesktop.org/docs/polkit/pklocalauthority.8.html
>>
>> And can now control such things as power suspend and hibernate.
>>
>> However, I can not find how Ubuntu now configures device access. This
>> used to be done by the old policykit, but can not find any polikit-1
>> "action" that would give me direct access to devices. However, if I
>> getfacl devices like sr0 and audio, something is granting rw to the user
>> of the active console. Any suggestions as to where to look for this
>> configuration would be welcome.
>
> None of the following is to imply that I have any clue about policykit-1
> (yet) :-)
>
> $ sudo apt-get install policykit-1-doc
>
> These also might be of help/interest:
> https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/448192
> [note comment 6]
> https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/448810
> [note comments 8 & 12]
> http://ubuntuforums.org/showthread.php?t=1308528
>
> /usr/share/polkit-1/actions seems to be the key, but I reckon will take
> some time to figure out until a gui like the old policykit-gnome comes
> along.
>
> $ pkaction will list registered PolicyKit actions (see man pkaction).
>
>

Yup, I got the pkaction list, and was able to customize those actions,
works a treat.. but I can't figure out which action, if any, gives
direct access to devices.... .I'm starting to think that was moved out
of policykit, and is maybe somewhere lower level in consolekit.... arrrgh.

And no help from Fedora in this case either.. they haven't jumped ship
yet.. (smart buggers)


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2009, 06:45 PM
Rashkae
 
Default Karmic PolicyKit-1, grant access to user

Rashkae wrote:

>
> However, I can not find how Ubuntu now configures device access. This
> used to be done by the old policykit, but can not find any polikit-1
> "action" that would give me direct access to devices. However, if I
> getfacl devices like sr0 and audio, something is granting rw to the user
> of the active console. Any suggestions as to where to look for this
> configuration would be welcome.
>
>
>
>

Device access permissions have been removed from policykit altogether,
and are now managed directed from udev. Devices for which console users
are given rw are defined in /lib/udev/rules.d/70-acl.rules

It's easy enough to comment out a device class, and your back to the old
fashioned group based permissions.

Unfortunately, editing this file directly is 'bad' because your edits
won't persist updates, and I couldn't figure out how to interject a user
defined file that would have the same effect.

Regardless, I've figured out how to work around most of the missing
configuration utilities that were destroyed in the move to Karmic, and
it only took 1 bottle of scotch.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2009, 07:03 PM
Rashkae
 
Default Karmic PolicyKit-1, grant access to user

Rashkae wrote:

> Regardless, I've figured out how to work around most of the missing
> configuration utilities that were destroyed in the move to Karmic, and
> it only took 1 bottle of scotch.
>
>

Except that the audio group doesn't work.. When Rythmbox is playing, if
you switch VT to a different user, it looses permission to whatever
device is being used to output sound.... must be a device not getting
the right group permissions.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-11-2009, 06:22 AM
Nikita Manovich
 
Default Karmic PolicyKit-1, grant access to user

On Mon, 2009-11-09 at 21:30 -0500, Rashkae wrote:
> As I discussed earlier in my rant thread, PolicyKit has been replaced
> with PolicyKit-1, but there is now no gui to configure any of the policies.
>
> It was easy enough to find the /usr/share/polikit-1 folder and I can
> modify the entries there to change the deault policies to my heart's
> content, but I can't figure out how grant access to a specific user.
>
> For a real world example, suppose I want to give my primary user
> permission to use sound devices, whether or not I'm currently the active
> console user. (This is something I did in Jaunty so music would keep on
> playing even though I'm logging in to another system remotely on a
> second x session.)
>
> I can't even find in what file that setting is stored in the old
> policykit, let alone how to transfer it to policykit-1
>
>

Probably here (https://bugs.launchpad.net/bugs/465054 ) you can find an
answer... You can write a .pkla file:

/var/lib/polkit-1/localauthority/50-local.d/custom-actions.pkla:
[Actions for rashkae user]
Identity=unix-user:rashkae
Action=<a sound action>
ResultActive=yes
ResultAny=auth_admin
ResultInactive=yes

See "man pklocalauthority" for more details.

--
Best regards,
Nikita Manovich.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-11-2009, 11:48 AM
Rashkae
 
Default Karmic PolicyKit-1, grant access to user

Nikita Manovich wrote:
> On Mon, 2009-11-09 at 21:30 -0500, Rashkae wrote:
>> As I discussed earlier in my rant thread, PolicyKit has been replaced
>> with PolicyKit-1, but there is now no gui to configure any of the policies.
>>
>> It was easy enough to find the /usr/share/polikit-1 folder and I can
>> modify the entries there to change the deault policies to my heart's
>> content, but I can't figure out how grant access to a specific user.
>>
>> For a real world example, suppose I want to give my primary user
>> permission to use sound devices, whether or not I'm currently the active
>> console user. (This is something I did in Jaunty so music would keep on
>> playing even though I'm logging in to another system remotely on a
>> second x session.)
>>
>> I can't even find in what file that setting is stored in the old
>> policykit, let alone how to transfer it to policykit-1
>>
>>
>
> Probably here (https://bugs.launchpad.net/bugs/465054 ) you can find an
> answer... You can write a .pkla file:
>
> /var/lib/polkit-1/localauthority/50-local.d/custom-actions.pkla:
> [Actions for rashkae user]
> Identity=unix-user:rashkae
> Action=<a sound action>
> ResultActive=yes
> ResultAny=auth_admin
> ResultInactive=yes
>
> See "man pklocalauthority" for more details.
>

Thanks Nikita, but unfortunately, it's not so easy.

After I had found the details for creating the local-authority files, it
turns out that permission to devices has been removed from policykit and
the job now rests directly with udev. Specifically, udev rules file
70-acl.rules, which works with consolekit to give acl permission to some
devices to teh active console user.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 06:46 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org