On Sun, 10 Dec 2017 00:13:59 +0100 Dejan Jocic <jode...@gmail.com> wrote:
> > Man page for pklocalauthority is bit more helpful, but far from self > explanatory. And not updated for Debian. > In its examples section, it provides some insight about > writing .pkla files, but it does not show all possible options, or at > least I can't be sure that it does. For example: > > [Exclude Some Problematic Users] > Identity=unix-user:homer;unix-user:grimes > Action=com.example.awesomeproduct.* > ResultAny=no > ResultInactive=no > ResultActive=auth_admin > > According to that, and after reading man page for polkit, I can only > deduct that .pkla file will for that example in that > com.example.awesomeproduct.* files reads lines under defaults and > "answer" on allow_any and allow_inactive with no value and on > allow_active with auth_admin value. Fine, that can work. Guess that > you can use wildecards for all users, like unix-user:*, but that is > only guess, cause I can't see it documented anywhere ( might have > missed it). What I also do not see anywhere is if those are the only > options available? Or there is some man page, or additional > documentation in Debian that can explain that? > More examples, and in fact, all the Debian policies, are *.policy files and under /usr/share/polkit-1, as Brian pointed out. -- Joe
