Re: Embarrassing security bug in systemd
On Sun, 10 Dec 2017 00:13:59 +0100
Dejan Jocic <jodejka@gmail.com> wrote:
>
> Man page for pklocalauthority is bit more helpful, but far from self
> explanatory.
And not updated for Debian.
> In its examples section, it provides some insight about
> writing .pkla files, but it does not show all possible options, or at
> least I can't be sure that it does. For example:
>
> [Exclude Some Problematic Users]
> Identity=unix-user:homer;unix-user:grimes
> Action=com.example.awesomeproduct.*
> ResultAny=no
> ResultInactive=no
> ResultActive=auth_admin
>
> According to that, and after reading man page for polkit, I can only
> deduct that .pkla file will for that example in that
> com.example.awesomeproduct.* files reads lines under defaults and
> "answer" on allow_any and allow_inactive with no value and on
> allow_active with auth_admin value. Fine, that can work. Guess that
> you can use wildecards for all users, like unix-user:*, but that is
> only guess, cause I can't see it documented anywhere ( might have
> missed it). What I also do not see anywhere is if those are the only
> options available? Or there is some man page, or additional
> documentation in Debian that can explain that?
>
More examples, and in fact, all the Debian policies, are *.policy
files and under /usr/share/polkit-1, as Brian pointed out.
--
Joe
Reply to: