Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: Add documentation about polkit rules and systemd #6900

Merged

Conversation

Projects
None yet
2 participants
@stefwalter
Copy link
Contributor

commented Jun 7, 2017

Add documentation about how to use polkit rules to customize
systemd's privilege escalation.

Fixes #6882

@martinpitt
Copy link
Member

left a comment

Thanks for documenting this! Some typos.


<para>Services like <ulink url="http://www.freedesktop.org/wiki/Software/systemd/">systemd</ulink>
and <ulink url="https://wiki.gnome.org/Projects/NetworkManager">NetworkManager</ulink> use
<ulink url="http://www.freedesktop.org/wiki/Software/polkit/">Policy Kit</ulink> to

This comment has been minimized.

Copy link
@martinpitt

martinpitt Jun 7, 2017

Member

The legacy name is "PolicyKit", the current name is "polkit"; I've never seen "Policy Kit".

This comment has been minimized.

Copy link
@stefwalter

stefwalter Jun 7, 2017

Author Contributor

Fixed.

<para>Policy Kit rules files are
<ulink url="https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html">javascript with specific methods and objects</ulink>. For example, placing the following polkit rule to
<filename>/etc/polkit-1.rules.d/10-operators.rule</filename> allows all users in the
<code>operators</code> group start, stop, restart and otherwise manage systemd services:</para>

This comment has been minimized.

Copy link
@martinpitt

martinpitt Jun 7, 2017

Member

"to" start, stop...

This comment has been minimized.

Copy link
@stefwalter

stefwalter Jun 7, 2017

Author Contributor

Fixed.

validate and escalate privileges. It is possible to customize these rules with files
in <filename>/etc/polkit-1/rules.d</filename>.</para>

<para>Policy Kit rules files are

This comment has been minimized.

Copy link
@martinpitt

martinpitt Jun 7, 2017

Member

same here

This comment has been minimized.

Copy link
@stefwalter

stefwalter Jun 7, 2017

Author Contributor

Fixed.

});
</programlisting>

<para>In order to allow in a certain group to perform any administrative action you could add

This comment has been minimized.

Copy link
@martinpitt

This comment has been minimized.

Copy link
@stefwalter

stefwalter Jun 7, 2017

Author Contributor

Fixed.

doc: Add documentation about polkit rules and systemd
Add documentation about how to use polkit rules to customize
systemd's privilege escalation.

Fixes #6882
Closes #6900

@stefwalter stefwalter force-pushed the stefwalter:document-polkit-rules branch from a55580c to 240baad Jun 7, 2017

@martinpitt martinpitt merged commit 395a8ff into cockpit-project:master Jun 7, 2017

6 of 15 checks passed

verify/centos-7 Preparation of testable image failed
Details
verify/debian-stable 1 tests failed
Details
verify/fedora-i386 Preparation of testable image failed
Details
semaphoreci The build is pending on Semaphore.
Details
verify/fedora-26 Testing in progress [cockpit-tests-bnn9h]
Details
verify/rhel-7 Testing in progress [cockpit-tests-mkrzf]
Details
verify/rhel-atomic Testing in progress [cockpit-tests-298rq]
Details
verify/ubuntu-1604 Testing in progress [verifymachine4]
Details
verify/ubuntu-stable Testing in progress [cockpit-tests-t8nth]
Details
avocado/fedora-24 Tests passed
Details
container/kubernetes Tests passed
Details
selenium/chrome Tests passed
Details
selenium/firefox Tests passed
Details
verify/debian-testing Tests passed
Details
verify/fedora-atomic Tests passed
Details

@stefwalter stefwalter deleted the stefwalter:document-polkit-rules branch Jul 20, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.