On 07/21/2014 07:57 PM, Russell Doty wrote:
On Thu, 2014-07-17 at 10:38 +0200, Jan Safranek wrote:
> Hello,
>
> I've been working on reusing polkit authorization for OpenLMI providers,
> which use a DBus service (e.g. NetworkManager, PackageKit, realmd,
> systemd, ...).
Jan, can customers modify or create access policies or is this hardcoded
into the Providers?
People can freely modify the policy, it's just bunch of files in
/etc/polkit-1. By default, the policy is empty and the default one
applies, in Fedora it means that members of 'wheel' group are de-facto
sysadmins and can do anything.
Just FYI, the policy files in /etc are javascript, which brings great
flexibility (jsafrane can set locale only on Monday and only when it's
not raining), on the other hand, there is no way, how to edit these
files from API (you would need to parse full javascript semantics).
Jan