Nuke desktop_admin_r and desktop_user_r groups - just use the
wheel group instead (#688363) Update the set of configuration directives that gives users in the wheel group extra privileges
This commit is contained in:
parent
b834027a7c
commit
9fa422d544
55
polkit.spec
55
polkit.spec
@ -1,7 +1,7 @@
|
||||
Summary: PolicyKit Authorization Framework
|
||||
Name: polkit
|
||||
Version: 0.101
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: http://www.freedesktop.org/wiki/Software/PolicyKit
|
||||
Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
|
||||
@ -51,15 +51,17 @@ Provides: PolicyKit-docs = 0.11
|
||||
Development documentation for PolicyKit.
|
||||
|
||||
%package desktop-policy
|
||||
Summary: Roles and default policy for desktop usage
|
||||
Summary: PolicyKit policy for desktop users
|
||||
Group: Development/Libraries
|
||||
#Requires: %name = %{version}-%{release}
|
||||
Requires(pre): /usr/sbin/groupadd
|
||||
Requires(preun): /usr/sbin/groupdel
|
||||
BuildArch: noarch
|
||||
|
||||
%description desktop-policy
|
||||
Roles and default policy for desktop usage.
|
||||
This package contains configuration directives to make PolicyKit use
|
||||
members of the wheel group when administrator authentication is
|
||||
required. Additionally, the package also contain configuration
|
||||
directives to allow users in the wheel group to do certain actions
|
||||
without being interrupted by password dialogs
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
@ -88,40 +90,29 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/polkit-1/extensions/*.la
|
||||
###
|
||||
|
||||
cat > $RPM_BUILD_ROOT%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf << EOF
|
||||
# This allows users in the desktop_admin_r group to authenticate as
|
||||
# the administrator.
|
||||
# This allows users in the wheel group to authenticate as the
|
||||
# administrator.
|
||||
#
|
||||
# DO NOT EDIT THIS FILE, it will be overwritten on update.
|
||||
|
||||
[Configuration]
|
||||
AdminIdentities=unix-group:desktop_admin_r
|
||||
AdminIdentities=unix-group:wheel
|
||||
EOF
|
||||
|
||||
cat > $RPM_BUILD_ROOT%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla << EOF
|
||||
# Authorizations/policy for the desktop_admin_r and desktop_user_r groups.
|
||||
# Authorizations/policy for the wheel group.
|
||||
#
|
||||
# DO NOT EDIT THIS FILE, it will be overwritten on update.
|
||||
|
||||
# Allow "standard users" to do some things without being interrupted by
|
||||
# password dialogs (TODO: not complete)
|
||||
#
|
||||
[Desktop User Permissions]
|
||||
# Allow users in the wheel group to do certain actions without being
|
||||
# interrupted by password dialogs
|
||||
#
|
||||
[Wheel Group Permissions]
|
||||
Identity=unix-group:desktop_user_r
|
||||
Action=org.gnome.clockapplet.mechanism.settimezone
|
||||
ResultAny=no
|
||||
ResultInactive=no
|
||||
Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.RealtimeKit1.*;org.freedesktop.udisks.filesystem-mount-system-internal
|
||||
ResultAny=auth_admin
|
||||
ResultInactive=auth_admin
|
||||
ResultActive=yes
|
||||
|
||||
# Allow "administrative users" to do a lot of things without being interrupted by
|
||||
# password dialogs (TODO: not complete)
|
||||
#
|
||||
[Desktop Administrator Permissions]
|
||||
Identity=unix-group:desktop_admin_r
|
||||
Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.udisks.*;org.freedesktop.RealtimeKit1.*
|
||||
ResultAny=no
|
||||
ResultInactive=no
|
||||
ResultActive=yes
|
||||
|
||||
EOF
|
||||
|
||||
###
|
||||
@ -132,10 +123,6 @@ EOF
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%pre desktop-policy
|
||||
/usr/sbin/groupadd -r desktop_admin_r 2> /dev/null || :
|
||||
/usr/sbin/groupadd -r desktop_user_r 2> /dev/null || :
|
||||
|
||||
%files desktop-policy
|
||||
%{_sysconfdir}/polkit-1/localauthority.conf.d/60-desktop-policy.conf
|
||||
%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla
|
||||
@ -188,6 +175,12 @@ EOF
|
||||
%{_datadir}/gtk-doc
|
||||
|
||||
%changelog
|
||||
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-2
|
||||
- Nuke desktop_admin_r and desktop_user_r groups - just use the
|
||||
wheel group instead (#688363)
|
||||
- Update the set of configuration directives that gives users
|
||||
in the wheel group extra privileges
|
||||
|
||||
* Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1
|
||||
- New upstream version
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user