Nuke desktop_admin_r and desktop_user_r groups - just use the
wheel group instead (#688363) Update the set of configuration directives that gives users in the wheel group extra privileges
This commit is contained in:
parent
b834027a7c
commit
9fa422d544
55
polkit.spec
55
polkit.spec
@ -1,7 +1,7 @@
|
|||||||
Summary: PolicyKit Authorization Framework
|
Summary: PolicyKit Authorization Framework
|
||||||
Name: polkit
|
Name: polkit
|
||||||
Version: 0.101
|
Version: 0.101
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: http://www.freedesktop.org/wiki/Software/PolicyKit
|
URL: http://www.freedesktop.org/wiki/Software/PolicyKit
|
||||||
Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
|
Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
|
||||||
@ -51,15 +51,17 @@ Provides: PolicyKit-docs = 0.11
|
|||||||
Development documentation for PolicyKit.
|
Development documentation for PolicyKit.
|
||||||
|
|
||||||
%package desktop-policy
|
%package desktop-policy
|
||||||
Summary: Roles and default policy for desktop usage
|
Summary: PolicyKit policy for desktop users
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
#Requires: %name = %{version}-%{release}
|
#Requires: %name = %{version}-%{release}
|
||||||
Requires(pre): /usr/sbin/groupadd
|
|
||||||
Requires(preun): /usr/sbin/groupdel
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
%description desktop-policy
|
%description desktop-policy
|
||||||
Roles and default policy for desktop usage.
|
This package contains configuration directives to make PolicyKit use
|
||||||
|
members of the wheel group when administrator authentication is
|
||||||
|
required. Additionally, the package also contain configuration
|
||||||
|
directives to allow users in the wheel group to do certain actions
|
||||||
|
without being interrupted by password dialogs
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
@ -88,40 +90,29 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/polkit-1/extensions/*.la
|
|||||||
###
|
###
|
||||||
|
|
||||||
cat > $RPM_BUILD_ROOT%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf << EOF
|
cat > $RPM_BUILD_ROOT%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf << EOF
|
||||||
# This allows users in the desktop_admin_r group to authenticate as
|
# This allows users in the wheel group to authenticate as the
|
||||||
# the administrator.
|
# administrator.
|
||||||
#
|
#
|
||||||
# DO NOT EDIT THIS FILE, it will be overwritten on update.
|
# DO NOT EDIT THIS FILE, it will be overwritten on update.
|
||||||
|
|
||||||
[Configuration]
|
[Configuration]
|
||||||
AdminIdentities=unix-group:desktop_admin_r
|
AdminIdentities=unix-group:wheel
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat > $RPM_BUILD_ROOT%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla << EOF
|
cat > $RPM_BUILD_ROOT%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla << EOF
|
||||||
# Authorizations/policy for the desktop_admin_r and desktop_user_r groups.
|
# Authorizations/policy for the wheel group.
|
||||||
#
|
#
|
||||||
# DO NOT EDIT THIS FILE, it will be overwritten on update.
|
# DO NOT EDIT THIS FILE, it will be overwritten on update.
|
||||||
|
|
||||||
# Allow "standard users" to do some things without being interrupted by
|
|
||||||
# password dialogs (TODO: not complete)
|
|
||||||
#
|
#
|
||||||
[Desktop User Permissions]
|
# Allow users in the wheel group to do certain actions without being
|
||||||
|
# interrupted by password dialogs
|
||||||
|
#
|
||||||
|
[Wheel Group Permissions]
|
||||||
Identity=unix-group:desktop_user_r
|
Identity=unix-group:desktop_user_r
|
||||||
Action=org.gnome.clockapplet.mechanism.settimezone
|
Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.RealtimeKit1.*;org.freedesktop.udisks.filesystem-mount-system-internal
|
||||||
ResultAny=no
|
ResultAny=auth_admin
|
||||||
ResultInactive=no
|
ResultInactive=auth_admin
|
||||||
ResultActive=yes
|
ResultActive=yes
|
||||||
|
|
||||||
# Allow "administrative users" to do a lot of things without being interrupted by
|
|
||||||
# password dialogs (TODO: not complete)
|
|
||||||
#
|
|
||||||
[Desktop Administrator Permissions]
|
|
||||||
Identity=unix-group:desktop_admin_r
|
|
||||||
Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.udisks.*;org.freedesktop.RealtimeKit1.*
|
|
||||||
ResultAny=no
|
|
||||||
ResultInactive=no
|
|
||||||
ResultActive=yes
|
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
###
|
###
|
||||||
@ -132,10 +123,6 @@ EOF
|
|||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%pre desktop-policy
|
|
||||||
/usr/sbin/groupadd -r desktop_admin_r 2> /dev/null || :
|
|
||||||
/usr/sbin/groupadd -r desktop_user_r 2> /dev/null || :
|
|
||||||
|
|
||||||
%files desktop-policy
|
%files desktop-policy
|
||||||
%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf
|
%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf
|
||||||
%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla
|
%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla
|
||||||
@ -188,6 +175,12 @@ EOF
|
|||||||
%{_datadir}/gtk-doc
|
%{_datadir}/gtk-doc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-2
|
||||||
|
- Nuke desktop_admin_r and desktop_user_r groups - just use the
|
||||||
|
wheel group instead (#688363)
|
||||||
|
- Update the set of configuration directives that gives users
|
||||||
|
in the wheel group extra privileges
|
||||||
|
|
||||||
* Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1
|
* Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1
|
||||||
- New upstream version
|
- New upstream version
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user