Re: apt as a user

Fri, 31 Oct 2014 13:45:28 -0700 

On 2014-10-31 19:36, shawn wilson wrote:
> On Fri, Oct 31, 2014 at 12:40 PM, Vanessa <vane...@ulukai.org> wrote:
>> On 2014-10-31 17:17, shawn wilson wrote:
>>> On Fri, Oct 31, 2014 at 12:05 PM, Mario Castelán Castro
>>> <marioxcc...@yandex.com> wrote:
>>>> El 31/10/14 09:29, shawn wilson escribió:
>>>>
>>>>> I'm trying to allow an apt user to run apt* commands. I've got this
>>>>> polkit:
>>>>>
>>>>> /etc/polkit-1/localauthority/30-site.d/10-org.com.foo.apt.pkla
>>>>>
>>>>> [Configuration]
>>>>> AdminIdentities=unix-user:apt
>>>>> Action=org.debian.apt.*
>>>>> ResultAny=no
>>>>> ResultInactive=no
>>>>> ResultActive=yes
>>>>>
>>>>> However when I: su - apt
>>>>> it looks like nothing has changed:
>>>>>
>>>>> $ apt-get update
>>>>> E: Could not open lock file /var/lib/apt/lists/lock - open (13:
>>>>> Permission denied)
>>>>> E: Unable to lock directory /var/lib/apt/lists/
>>>>> E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission
>>>>> denied)
>>>>> E: Unable to lock the administration directory (/var/lib/dpkg/), are you
>>>>> root?
>>>>>
>>>>> I've got aptdaemon installed. Any idea what I'm doing wrong here?
>> If I'm reading the description and documentation of aptdaemon right, you
>> need to use an aptdaemon client, which would be aptdcon in the same
>> package. But the fetching and installation would then be done by
>> aptdaemon, which would still be run as root and not the user executing
>> aptdcon.
>>
> Ahha, that sorta worked:
> $ aptdcon --safe-upgrade
> The following packages will be upgraded (31):
> [.....]
> Do you want to continue [Y/n]?Y
> ERROR: You are not allowed to perform this action.
>
> ('system-bus-name', {'name':  ':1.50'}): org.debian.apt.upgrade-packages
>
>
> So, I'm guessing there's something wrong with my polkit rule?
After some experimenting (Thanks for the excuse to finally do some
polkit diggging :P ) it seems you need Identity instead of
AdminIdentities. Also the other Result* lines should be set to yes, too.
This worked for me:

[Configuration]
Identity=unix-user:apt
Action=org.debian.apt.*
ResultAny=yes
ResultInactive=yes
ResultActive=yes


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5453f138.7050...@ulukai.org

Reply via email to