Re: Running GParted and Synaptic without entering password

To: debian-user@lists.debian.org
Subject: Re: Running GParted and Synaptic without entering password
From: John Crawley <john@bunsenlabs.org>
Date: Wed, 16 May 2018 14:36:04 +0900
Message-id: <[🔎] 577f52c0-3b39-5b7c-0ef9-85859997d598@bunsenlabs.org>
Reply-to: john@bunsenlabs.org
In-reply-to: <[🔎] 96beb414-1411-245c-47c6-ded766de30a5@cloud85.net>
References: <[🔎] 3bf7e63c-2313-e723-14f4-08222d103fb0@cloud85.net> <[🔎] 2b2877c2-f38b-dd57-8ba6-349b629d312c@googlemail.com> <[🔎] d8500d13-0031-c4c2-b80d-77e5e9c06d6a@cloud85.net> <[🔎] 20180514085647.55e46c6d@jresid.jretrading.com> <[🔎] 3d47a6d4-10b3-d92e-4d7c-ad85c76bc4b6@bunsenlabs.org> <[🔎] 96beb414-1411-245c-47c6-ded766de30a5@cloud85.net>

On 2018-05-15 22:24, Richard Owlett wrote:

On 05/15/2018 12:48 AM, John Crawley (johnraff) wrote:
Policykit brings its own complications, but I think it should bepossible to create a .pkla file in /var/lib/polkit-1/localauthority toallow a certain user, or group member, to perform an action defined in/usr/share/polkit-1/actions/* without a password. You could even add anew action if necessary.
Through a chain of references I discovered
   /usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy

The initial lines read:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd";>
<policyconfig>
However
   [http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd]
gives a 404 File not found message.


Indeed. Even so, that seems to be what is required in the xml.

Where would I find its syntax?

I had a similar problem a while ago and found internet searches to besomewhat helpful.

This is not Debian, but on-topic:
https://wiki.archlinux.org/index.php/Polkit
And:
https://www.freedesktop.org/software/polkit/docs/0.105/pklocalauthority.8.html
http://davidz25.blogspot.jp/2012/06/authorization-rules-in-polkit.html
https://github.com/systemd/systemd/issues/5523

It seems polkit want to shift from .pkla files to (javascript-like).rules files, but at the moment both might work on Debian, so usewhichever you feel less uncomfortable with.

I used a .pkla file in /var/lib/polkit-1/localauthority/10-vendor.d/. Ifyou search for *.pkla files on your system, there might be some there,or in /etc/polkit-1/localauthority/* to use as a template.

By a convoluted path I found:
[https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html]
Its last example strongly suggests I can do just what I want withoutmessing up other users &/or apps.

That's what I think too. Just as an untested guess, since the action isalready defined, something like this in/etc/polkit-1/localauthority/50-local.d/gparted.pkla?


[Allow specific user to use gparted]
Identity=unix-user:yourusername
Action=com.ubuntu.pkexec.gparted
ResultAny=no
ResultInactive=no
ResultActive=yes

BTW To see the currently defined actions on your system, try this:

cat /usr/share/polkit-1/actions/* | grep -E'(<action|<description>|<message>|<allow|</action>)'|sed's/<\/action>/\n/g;s/<\/[^>]*>//g'

But you can add one of your own too.

--
John

Reply to:

Follow-Ups:
- Re: Running GParted and Synaptic without entering password
  - From: Richard Owlett <rowlett@cloud85.net>

References:
- Running GParted and Synaptic without entering password
  - From: Richard Owlett <rowlett@cloud85.net>
- Re: Running GParted and Synaptic without entering password
  - From: "tv.debian@googlemail.com" <tv.debian@googlemail.com>
- Re: Running GParted and Synaptic without entering password
  - From: Richard Owlett <rowlett@cloud85.net>
- Re: Running GParted and Synaptic without entering password
  - From: Joe <joe@jretrading.com>
- Re: Running GParted and Synaptic without entering password
  - From: "John Crawley (johnraff)" <john@bunsenlabs.org>
- Re: Running GParted and Synaptic without entering password
  - From: Richard Owlett <rowlett@cloud85.net>

Prev by Date: Re: How to rebuild the keys for APT.
Next by Date: Encrypted containers & the Debian installer.
Previous by thread: Re: Running GParted and Synaptic without entering password
Next by thread: Re: Running GParted and Synaptic without entering password
Index(es):
- Date
- Thread