
@steve-todorov
Forked from grawity/_Example polkit rules_.md
Last active August 29, 2015 14:12

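Put your rules in /etc/polkit-1/rules.d/*.rules. Rule files are processed in lexical order of their names, and the first rule that returns a result decides the request, so the file name determines precedence.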

See the polkit(8) manpage for rule syntax. (It's JavaScript.)

If you don't know the action name, run pkaction.

To test your rules, use pkcheck; it exits with status 0 when the given process is authorized for the action.

pkcheck -u -p $$ -a org.freedesktop.packagekit.upgrade-system

/*
 * Copy this to /etc/polkit-1/rules.d/80-networkmanager-wheel-without-authentication.rules
 *
 * Authorizes every org.freedesktop.NetworkManager.* action without an
 * authentication prompt when the caller is a member of "wheel" and is on a
 * local seat in the active session. Every other request returns nothing,
 * which leaves the decision to later rules or the action's own defaults.
 */
polkit.addRule(function(action, subject) {
    var isNetworkManagerAction = /^org\.freedesktop\.NetworkManager\./.test(action.id);
    if (!isNetworkManagerAction) {
        return;
    }

    // local + active: the grant does not apply to sessions that are not on a
    // local seat or that are not the currently active session.
    if (subject.local && subject.active && subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
/*
 * Copy this to /etc/polkit-1/rules.d/packagekit-restrict.rules
 *
 * Applies to every org.freedesktop.packagekit.* action: the user "fred" and
 * members of "wheel" are authorized outright; everyone else must authenticate
 * as an administrator (AUTH_ADMIN_KEEP retains that authorization briefly).
 * Other actions are left to later rules or the action's defaults.
 *
 * NOTE(review): the YES branch does not test subject.local or subject.active,
 * so it also covers remote and inactive sessions of those users. Add both
 * checks if password-less package management should be limited to someone
 * sitting at the machine. "fred" is an example account name; replace it.
 */
polkit.addRule(function(action, subject) {
    var isPackageKitAction = /^org\.freedesktop\.packagekit\./.test(action.id);
    if (!isPackageKitAction) {
        return;
    }

    var isTrustedCaller = subject.user === "fred" || subject.isInGroup("wheel");
    return isTrustedCaller ? polkit.Result.YES : polkit.Result.AUTH_ADMIN_KEEP;
});
/*
 * Copy this to /etc/polkit-1/rules.d/udisks-no-consolekit.rules
 *
 * org.freedesktop.udisks.filesystem-mount is authorized outright for members
 * of "wheel"; for everyone else, and for every other org.freedesktop.udisks.*
 * action regardless of group, administrator authentication is required.
 * Actions outside that namespace are left to later rules or the defaults.
 *
 * NOTE(review): the prefix is "org.freedesktop.udisks." with a trailing dot,
 * so org.freedesktop.udisks2.* actions are not matched by this rule.
 * NOTE(review): the YES branch has no subject.local / subject.active test;
 * the file name suggests that is deliberate (no ConsoleKit session data),
 * but it means remote sessions of wheel members are covered too - confirm.
 */
polkit.addRule(function(action, subject) {
    var id = action.id;
    var isMount = (id === "org.freedesktop.udisks.filesystem-mount");

    if (!isMount && !/^org\.freedesktop\.udisks\./.test(id)) {
        return;
    }

    // Only the plain mount action has a password-less path, and only for wheel.
    if (isMount && subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
    return polkit.Result.AUTH_ADMIN_KEEP;
});
/*
 * Copy this to /etc/polkit-1/rules.d/always-allow-wheel.rules
 *
 * Authorizes every org.freedesktop.udisks.* action for members of "wheel"
 * without authentication. All other requests return nothing and fall through
 * to later rules or the action's defaults.
 *
 * NOTE(review): there is no subject.local / subject.active test, so the grant
 * applies to any session of a wheel member, including remote ones. The
 * pattern also does not match org.freedesktop.udisks2.* actions.
 */
polkit.addRule(function(action, subject) {
    var udisksAction = /^org\.freedesktop\.udisks\./;

    if (!udisksAction.test(action.id)) {
        return;
    }
    if (!subject.isInGroup("wheel")) {
        return;
    }
    return polkit.Result.YES;
});
/*
 * Copy this to /etc/polkit-1/rules.d/allow-mount-internal.rules
 *
 * Lets members of "users" mount system filesystems without authentication,
 * but only from a local seat in the active session. Two action ids are
 * listed, one in the udisks2 namespace and one in the older udisks namespace.
 * Everything else is left to later rules or the action's defaults.
 *
 * NOTE(review): on many systems "users" holds most or all human accounts;
 * check its membership before installing this rule.
 */
polkit.addRule(function(action, subject) {
    var mountSystemActions = [
        "org.freedesktop.udisks2.filesystem-mount-system",
        "org.freedesktop.udisks.filesystem-mount-system-internal"
    ];

    if (mountSystemActions.indexOf(action.id) === -1) {
        return;
    }

    // Restrict the grant to someone at the console, then check the group.
    if (subject.local && subject.active && subject.isInGroup("users")) {
        return polkit.Result.YES;
    }
});