[arch-general] hal has lost its mind again.

David C. Rankin, J.D.,P.E. drankinatty at suddenlinkmail.com
Wed May 20 02:38:22 EDT 2009


On or about Tuesday 19 May 2009 at approximately 03:33:03 bardo composed:
> 2009/5/18 David C. Rankin, J.D.,P.E. <drankinatty at suddenlinkmail.com>:
> >                <match group="users">
> >                        <return result="yes"/>
> >                </match>
>
> I think this may be your problem. I searched some time ago and found
> out PolicyKit didn't support group matches. A quick look to the
> PolicyKit.conf(5) man page seems to confirm this is still the case.
> Now, I don't know if an invalid entry could invalidate the whole
> config, but it's worth a try.
>
> Corrado

Corrado,

   You and I may be saying the same thing for two different circumstances. 
Admin_auth certainly allows both user and group auths for actions (man 5 
PolicyKit.conf):

define_admin_auth


 This element is used to specify the meaning of "authenticate as 
administrator". It is normally used at the top-level but can also be used 
deep inside a number of match elements for conditional behavior. 

 There can only be a single attribute in each define_admin_auth element. POSIX 
Extended Regular Expression syntax is not supported in the value part, 
however multiple values to match on can be separated with the bar (|) 
character. The following attributes are supported: 

 user 
 Administrator authentication means authenticate as the given user(s). If no 
define_admin_auth element is given, the default is to use user="root" e.g. 
administrator authentication mean authenticate as the super user. 


 group 
 Administrator authentication means that any user in the groups matching the 
given value can be used to authenticate. Typically, on a system with the root 
account disabled one wants to use something like group="wheel" to e.g. enable 
all UNIX users in the UNIX group wheel to be able to authentication whenever 
administrator authentication is required.

</quote>

	The strange thing is that I can specify myself or the wheel group as an admin 
with auth privileges and policy kit still doesn't allow access. I haven't had 
time to play with it anymore yet after DR sent his config over, but I'll let 
you know.

-- 
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
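
An added example, not part of the original message and not PolicyKit's own code: a small Python check for the two points raised in this thread, an unsupported attribute on `match` and the single-attribute, no-regex rule for `define_admin_auth`. The accepted `match` attributes (`user`, `action`) are an assumption based on the PolicyKit.conf(5) man page the thread refers to; the function name and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MATCH_ATTRS = {"user", "action"}      # assumption: match keys per PolicyKit.conf(5)
ADMIN_AUTH_ATTRS = {"user", "group"}  # from the man page text quoted above
REGEX_CHARS = set("*+?[](){}^$\\")    # ERE syntax is not supported in values

def lint_policykit_conf(xml_text):
    """Return (tag, problem) tuples for elements the man page text rules out."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        attrs = elem.attrib
        if elem.tag == "match":
            bad = sorted(set(attrs) - MATCH_ATTRS)
            if bad:
                findings.append(("match", "unsupported attribute(s): " + ", ".join(bad)))
        elif elem.tag == "define_admin_auth":
            if len(attrs) != 1:
                findings.append((elem.tag, "expected exactly one attribute, found %d" % len(attrs)))
                continue
            (name, value), = attrs.items()
            if name not in ADMIN_AUTH_ATTRS:
                findings.append((elem.tag, "unsupported attribute: " + name))
            elif REGEX_CHARS & set(value):
                findings.append((elem.tag, "regex syntax in value: " + value))
            elif "" in [v.strip() for v in value.split("|")]:
                findings.append((elem.tag, "empty alternative in value: " + value))
    return findings

# Constructed sample: the group match from the thread plus admin-auth variants.
SAMPLE = """<config version="0.1">
  <match group="users">
    <return result="yes"/>
  </match>
  <define_admin_auth group="wheel|adm"/>
  <define_admin_auth user="root" group="wheel"/>
  <define_admin_auth user="adm.*"/>
</config>"""

if __name__ == "__main__":
    for tag, problem in lint_policykit_conf(SAMPLE):
        print(tag + ": " + problem)
```
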

