Nuke desktop_admin_r and desktop_user_r groups - just use the

wheel group instead (#688363) Update the set of configuration directives that gives users in the wheel group extra privileges
2011-03-17 10:41:49 -04:00 · 2011-03-17 10:41:49 -04:00 · 9fa422d544
parent b834027a7c
commit 9fa422d544
1 changed files with 24 additions and 31 deletions
--- a/polkit.spec
+++ b/polkit.spec
@ -1,7 +1,7 @@
 Summary: PolicyKit Authorization Framework
 Name: polkit
 Version: 0.101
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2+
 URL: http://www.freedesktop.org/wiki/Software/PolicyKit
 Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
@ -51,15 +51,17 @@ Provides: PolicyKit-docs = 0.11
 Development documentation for PolicyKit.
 %package desktop-policy
-Summary: Roles and default policy for desktop usage
+Summary: PolicyKit policy for desktop users
 Group: Development/Libraries
 #Requires: %name = %{version}-%{release}
 Requires(pre): /usr/sbin/groupadd
 Requires(preun): /usr/sbin/groupdel
 BuildArch: noarch
 %description desktop-policy
-Roles and default policy for desktop usage.
+This package contains configuration directives to make PolicyKit use
 members of the wheel group when administrator authentication is
 required. Additionally, the package also contain configuration
 directives to allow users in the wheel group to do certain actions
 without being interrupted by password dialogs
 %prep
 %setup -q
@ -88,40 +90,29 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/polkit-1/extensions/*.la
 ###
 cat > $RPM_BUILD_ROOT%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf << EOF
-# This allows users in the desktop_admin_r group to authenticate as
+# This allows users in the wheel group to authenticate as the
-# the administrator.
+# administrator.
 #
 # DO NOT EDIT THIS FILE, it will be overwritten on update.
 [Configuration]
-AdminIdentities=unix-group:desktop_admin_r
+AdminIdentities=unix-group:wheel
 EOF
 cat > $RPM_BUILD_ROOT%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla << EOF
-# Authorizations/policy for the desktop_admin_r and desktop_user_r groups.
+# Authorizations/policy for the wheel group.
 #
 # DO NOT EDIT THIS FILE, it will be overwritten on update.
 # Allow "standard users" to do some things without being interrupted by
 # password dialogs (TODO: not complete)
 #
-[Desktop User Permissions]
+# Allow users in the wheel group to do certain actions without being
 # interrupted by password dialogs
 #
 [Wheel Group Permissions]
 Identity=unix-group:desktop_user_r
-Action=org.gnome.clockapplet.mechanism.settimezone
+Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.RealtimeKit1.*;org.freedesktop.udisks.filesystem-mount-system-internal
-ResultAny=no
+ResultAny=auth_admin
-ResultInactive=no
+ResultInactive=auth_admin
 ResultActive=yes
 # Allow "administrative users" to do a lot of things without being interrupted by
 # password dialogs (TODO: not complete)
 #
 [Desktop Administrator Permissions]
 Identity=unix-group:desktop_admin_r
 Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.udisks.*;org.freedesktop.RealtimeKit1.*
 ResultAny=no
 ResultInactive=no
 ResultActive=yes
 EOF
 ###
@ -132,10 +123,6 @@ EOF
 %postun -p /sbin/ldconfig
 %pre desktop-policy
 /usr/sbin/groupadd -r desktop_admin_r 2> /dev/null || :
 /usr/sbin/groupadd -r desktop_user_r 2> /dev/null || :
 %files desktop-policy
 %{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf
 %{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla
@ -188,6 +175,12 @@ EOF
 %{_datadir}/gtk-doc
 %changelog
 * Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-2
 - Nuke desktop_admin_r and desktop_user_r groups - just use the
  wheel group instead (#688363)
 - Update the set of configuration directives that gives users
  in the wheel group extra privileges
 * Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1
 - New upstream version