[polkit/f15/master] Nuke desktop_admin_r and desktop_user_r groups - just use the wheel group instead (#688363) Update t
David Zeuthen
davidz at fedoraproject.org
Thu Mar 17 14:42:26 UTC 2011
commit 9fa422d5441f0d06e0b1d992cc3c270bc2c35c70
Author: David Zeuthen <davidz at redhat.com>
Date: Thu Mar 17 10:41:49 2011 -0400
Nuke desktop_admin_r and desktop_user_r groups - just use the
wheel group instead (#688363)
Update the set of configuration directives that gives users
in the wheel group extra privileges
polkit.spec | 55 ++++++++++++++++++++++++-------------------------------
1 files changed, 24 insertions(+), 31 deletions(-)
---
diff --git a/polkit.spec b/polkit.spec
index bbf07b8..6e6fed3 100644
--- a/polkit.spec
+++ b/polkit.spec
@@ -1,7 +1,7 @@
Summary: PolicyKit Authorization Framework
Name: polkit
Version: 0.101
-Release: 1%{?dist}
+Release: 2%{?dist}
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/PolicyKit
Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
@@ -51,15 +51,17 @@ Provides: PolicyKit-docs = 0.11
Development documentation for PolicyKit.
%package desktop-policy
-Summary: Roles and default policy for desktop usage
+Summary: PolicyKit policy for desktop users
Group: Development/Libraries
#Requires: %name = %{version}-%{release}
-Requires(pre): /usr/sbin/groupadd
-Requires(preun): /usr/sbin/groupdel
BuildArch: noarch
%description desktop-policy
-Roles and default policy for desktop usage.
+This package contains configuration directives to make PolicyKit use
+members of the wheel group when administrator authentication is
+required. Additionally, the package also contain configuration
+directives to allow users in the wheel group to do certain actions
+without being interrupted by password dialogs
%prep
%setup -q
@@ -88,40 +90,29 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/polkit-1/extensions/*.la
###
cat > $RPM_BUILD_ROOT%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf << EOF
-# This allows users in the desktop_admin_r group to authenticate as
-# the administrator.
+# This allows users in the wheel group to authenticate as the
+# administrator.
#
# DO NOT EDIT THIS FILE, it will be overwritten on update.
[Configuration]
-AdminIdentities=unix-group:desktop_admin_r
+AdminIdentities=unix-group:wheel
EOF
cat > $RPM_BUILD_ROOT%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla << EOF
-# Authorizations/policy for the desktop_admin_r and desktop_user_r groups.
+# Authorizations/policy for the wheel group.
#
# DO NOT EDIT THIS FILE, it will be overwritten on update.
-
-# Allow "standard users" to do some things without being interrupted by
-# password dialogs (TODO: not complete)
#
-[Desktop User Permissions]
-Identity=unix-group:desktop_user_r
-Action=org.gnome.clockapplet.mechanism.settimezone
-ResultAny=no
-ResultInactive=no
-ResultActive=yes
-
-# Allow "administrative users" to do a lot of things without being interrupted by
-# password dialogs (TODO: not complete)
+# Allow users in the wheel group to do certain actions without being
+# interrupted by password dialogs
#
-[Desktop Administrator Permissions]
-Identity=unix-group:desktop_admin_r
-Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.udisks.*;org.freedesktop.RealtimeKit1.*
-ResultAny=no
-ResultInactive=no
+[Wheel Group Permissions]
+Identity=unix-group:desktop_user_r
+Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.RealtimeKit1.*;org.freedesktop.udisks.filesystem-mount-system-internal
+ResultAny=auth_admin
+ResultInactive=auth_admin
ResultActive=yes
-
EOF
###
@@ -132,10 +123,6 @@ EOF
%postun -p /sbin/ldconfig
-%pre desktop-policy
-/usr/sbin/groupadd -r desktop_admin_r 2> /dev/null || :
-/usr/sbin/groupadd -r desktop_user_r 2> /dev/null || :
-
%files desktop-policy
%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf
%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla
@@ -188,6 +175,12 @@ EOF
%{_datadir}/gtk-doc
%changelog
+* Thu Mar 17 2011 David Zeuthen <davidz at redhat.com> - 0.101-2
+- Nuke desktop_admin_r and desktop_user_r groups - just use the
+ wheel group instead (#688363)
+- Update the set of configuration directives that gives users
+ in the wheel group extra privileges
+
* Thu Mar 03 2011 David Zeuthen <davidz at redhat.com> - 0.101-1
- New upstream version
More information about the scm-commits
mailing list