12.04
57797
Comment:
|
← Revision 4 as of 2013-04-16 13:26:04 ⇥
29448
|
Deletions are marked like this. | Additions are marked like this. |
Line 13: | Line 13: |
The upstream documentation can be found: http://hal.freedesktop.org/docs/polkit/pklocalauthority.8.html = PolicyKit actions (defaults) = == com.hp.hplip.installplugin == * description: Install a plug-in into a Hewlett-Packard printer * message: System policy prevents installation of a printer plug-in * defaults: * allow_active: auth_admin * allow_any: no * allow_inactive: no == com.ubuntu.devicedriver.check == * description: Check for newly available drivers for, and used drivers on this system * message: To check the driver status, you need to authenticate. * defaults: * allow_active: yes * allow_inactive: yes == com.ubuntu.devicedriver.info == * description: Get information about local device drivers * message: To query the device drivers, you need to authenticate. * defaults: * allow_active: yes * allow_any: yes * allow_inactive: yes == com.ubuntu.devicedriver.install == * description: Install or remove device drivers * message: To install or remove device drivers, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == com.ubuntu.devicedriver.update == * description: Query local and remote driver databases for updated drivers for the system * message: To query the driver databases for updates, you need to authenticate. * defaults: * allow_active: yes * allow_inactive: yes == com.ubuntu.languageselector.setsystemdefaultlanguage == * description: Set system default language * message: System policy prevented setting default language * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: no == com.ubuntu.softwareproperties.applychanges == * description: Write Configuration * message: To change software repository settings, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == com.ubuntu.systemservice.getkeyboard == * description: Get current global keyboard * message: System policy prevents querying keyboard settings * defaults: * allow_active: yes * allow_inactive: yes == com.ubuntu.systemservice.getproxy == * description: Get current global proxy * message: System policy prevents querying proxy settings * defaults: * allow_active: yes * allow_inactive: yes == com.ubuntu.systemservice.ispkgsystemlocked == * description: Check if the package system is locked * message: System policy prevents querying package system lock * defaults: * allow_active: yes * allow_inactive: yes == com.ubuntu.systemservice.setkeyboard == * description: Set current global keyboard * message: System policy prevents setting global keyboard settings * defaults: * allow_active: auth_admin_keep * allow_inactive: no == com.ubuntu.systemservice.setnoproxy == * description: Set current global proxy exception * message: System policy prevents setting no_proxy settings * defaults: * allow_active: auth_admin_keep * allow_inactive: no == com.ubuntu.systemservice.setproxy == * description: Set current global proxy * message: System policy prevents setting proxy settings * defaults: * allow_active: auth_admin_keep * allow_inactive: no == com.ubuntu.usbcreator.bootloader == * description: Install the bootloader * message: System policy prevents installing the bootloader * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == com.ubuntu.usbcreator.format == * description: Format the device * message: System policy prevents formatting this device * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == com.ubuntu.usbcreator.image == * description: Image the device * message: System policy prevents writing a disk image to this device * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == com.ubuntu.usbcreator.mount == * description: Mount a device * message: System policy prevents mounting * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == com.ubuntu.whoopsiepreferences.change == * description: Privacy settings * message: To change your privacy settings you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.cancel-foreign == * description: Cancel the task of another user * message: To cancel someone else's software changes, you need to authenticate. * defaults: * allow_active: auth_admin * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.change-config == * description: Change software configuration * message: To change software settings, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.change-repository == * description: Change software repository * message: To change software repository settings, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.clean == * description: Remove downloaded package files * message: To clean downloaded package files, you need to authenticate. * defaults: * allow_active: yes * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.get-trusted-vendor-keys == * description: List keys of trusted vendors * message: To view the list of trusted keys, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.install-file == * description: Install package file * message: To install this package, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.install-or-remove-packages == * description: Install or remove packages * message: To install or remove software, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.install-packages-from-new-repo == * description: Add a new repository and install packages from it * message: To install software from a new source, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.install-purchased-packages == * description: Add a new repository of purchased software and install packages from it * message: To install purchased software, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.set-proxy == * description: Set a proxy for software downloads * message: To use a proxy server for downloading software, you need to authenticate. * defaults: * allow_active: auth_admin * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.update-cache == * description: Update package information * message: To update the software catalog, you need to authenticate. * defaults: * allow_active: yes * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.apt.upgrade-packages == * description: Upgrade packages * message: To install updated software, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin * allow_inactive: auth_admin == org.debian.aptxapianindex.update == * description: Update the xapian index * message: System policy prevents updating xapian index * defaults: * allow_active: yes * allow_inactive: no == org.debian.pkexec.gnome-system-log.run == * description: Run gnome-system-log * message: Authentication is required to run gnome-system-log * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == org.freedesktop.ModemManager.Contacts == * description: Add, modify, and delete mobile broadband contacts * message: System policy prevents adding, modifying, or deleting this device's contacts. * defaults: * allow_active: auth_self_keep * allow_inactive: no == org.freedesktop.ModemManager.Device.Control == * description: Unlock and control a mobile broadband device * message: System policy prevents unlocking or controlling the mobile broadband device. * defaults: * allow_active: auth_self_keep * allow_inactive: no == org.freedesktop.ModemManager.Device.Info == * description: Request mobile broadband device identifying information * message: System policy prevents requesting identifying information from the mobile broadband device. * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.ModemManager.Location == * description: Enable and view geographic location and positioning information * message: System policy prevents enabling or viewing geographic location information. * defaults: * allow_active: auth_self_keep * allow_inactive: no == org.freedesktop.ModemManager.SMS == * description: Send, save, modify, and delete text messages * message: System policy prevents sending or maniuplating this device's text messages. * defaults: * allow_active: auth_self_keep * allow_inactive: no == org.freedesktop.ModemManager.USSD == * description: Query and utilize network information and services * message: System policy prevents querying or utilizing network information and services. * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.NetworkManager.enable-disable-network == * description: Enable or disable system networking * message: System policy prevents enabling or disabling system networking * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.NetworkManager.enable-disable-wifi == * description: Enable or disable WiFi devices * message: System policy prevents enabling or disabling WiFi devices * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.NetworkManager.enable-disable-wimax == * description: Enable or disable WiMAX mobile broadband devices * message: System policy prevents enabling or disabling WiMAX mobile broadband devices * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.NetworkManager.enable-disable-wwan == * description: Enable or disable mobile broadband devices * message: System policy prevents enabling or disabling mobile broadband devices * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.NetworkManager.network-control == * description: Allow control of network connections * message: System policy prevents control of network connections * defaults: * allow_active: yes * allow_inactive: yes == org.freedesktop.NetworkManager.settings.modify.hostname == * description: Modify persistent system hostname * message: System policy prevents modification of the persistent system hostname * defaults: * allow_active: auth_admin_keep * allow_inactive: no == org.freedesktop.NetworkManager.settings.modify.own == * description: Modify personal network connections * message: System policy prevents modification of personal network settings * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.NetworkManager.settings.modify.system == * description: Modify network connections for all users * message: System policy prevents modification of network settings for all users * defaults: * allow_active: auth_admin_keep * allow_inactive: no == org.freedesktop.NetworkManager.sleep-wake == * description: Put NetworkManager to sleep or wake it up (should only be used by system power management) * message: System policy prevents putting NetworkManager to sleep or waking it up * defaults: * allow_active: no * allow_inactive: no == org.freedesktop.NetworkManager.use-user-connections == * description: Allow use of user-specific connections * message: System policy prevents use of user-specific connections * defaults: * allow_active: yes * allow_inactive: yes == org.freedesktop.NetworkManager.wifi.share.open == * description: Connection sharing via an open WiFi network * message: System policy prevents sharing connections via an open WiFi network * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.NetworkManager.wifi.share.protected == * description: Connection sharing via a protected WiFi network * message: System policy prevents sharing connections via a protected WiFi network * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.RealtimeKit1.acquire-high-priority == * description: Grant high priority scheduling to a user process * message: Authentication is required to grant an application high priority scheduling * defaults: * allow_active: yes * allow_any: no * allow_inactive: yes == org.freedesktop.RealtimeKit1.acquire-real-time == * description: Grant realtime scheduling to a user process * message: Authentication is required to grant an application realtime scheduling * defaults: * allow_active: yes * allow_any: no * allow_inactive: yes == org.freedesktop.accounts.change-own-user-data == * description: Change your own user data * message: Authentication is required to change your own user data * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.accounts.set-login-option == * description: Change the login screen configuration * message: Authentication is required to change the login screen configuration * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == org.freedesktop.accounts.user-administration == * description: Manage user accounts * message: Authentication is required to change user data * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == org.freedesktop.color-manager.create-device == * description: Create a color managed device * message: Authentication is required to create a color managed device * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.color-manager.create-profile == * description: Create a color profile * message: Authentication is required to create a color profile * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.color-manager.delete-device == * description: Remove a color managed device * message: Authentication is required to remove a color managed device * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.color-manager.delete-profile == * description: Remove a color profile * message: Authentication is required to remove a color profile * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.color-manager.device-inhibit == * description: Inhibit color profile selection * message: Authentication is required to disable profile matching for a device * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.color-manager.install-system-wide == * description: Install system color profiles * message: Authentication is required to install the color profile for all users * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == org.freedesktop.color-manager.modify-device == * description: Modify color settings for a device * message: Authentication is required to modify the color settings for a device * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.color-manager.modify-profile == * description: Modify a color profile * message: Authentication is required to modify a color profile * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.color-manager.sensor-lock == * description: Use color sensor * message: Authentication is required to use the color sensor * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.consolekit.system.restart == * description: Restart the system * message: System policy prevents restarting the system * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.consolekit.system.restart-multiple-users == * description: Restart the system when multiple users are logged in * message: System policy prevents restarting the system when other users are logged in * defaults: * allow_active: auth_admin_keep * allow_inactive: no == org.freedesktop.consolekit.system.stop == * description: Stop the system * message: System policy prevents stopping the system * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.consolekit.system.stop-multiple-users == * description: Stop the system when multiple users are logged in * message: System policy prevents stopping the system when other users are logged in * defaults: * allow_active: auth_admin_keep * allow_inactive: no == org.freedesktop.hostname1.set-hostname == * description: Set host name * message: Authentication is required to set the local host name. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin_keep * allow_inactive: auth_admin_keep == org.freedesktop.hostname1.set-machine-info == * description: Set machine information * message: Authentication is required to set local machine information. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin_keep * allow_inactive: auth_admin_keep == org.freedesktop.hostname1.set-static-hostname == * description: Set static host name * message: Authentication is required to set the statically configured local host name, as well as the pretty host name. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin_keep * allow_inactive: auth_admin_keep == org.freedesktop.locale1.set-keyboard == * description: Set system keyboard settings * message: Authentication is required to set the system keyboard settings. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin_keep * allow_inactive: auth_admin_keep == org.freedesktop.locale1.set-locale == * description: Set system locale * message: Authentication is required to set the system locale. * defaults: * allow_active: auth_admin_keep * allow_any: auth_admin_keep * allow_inactive: auth_admin_keep == org.freedesktop.policykit.exec == * description: Run programs as another user * message: Authentication is required to run a program as another user * defaults: * allow_active: auth_admin * allow_any: auth_admin * allow_inactive: auth_admin == org.freedesktop.policykit.lockdown == * description: Configure lock down for an action * message: Authentication is required to configure lock down policy * defaults: * allow_active: auth_admin * allow_any: no * allow_inactive: no == org.freedesktop.udisks.cancel-job-others == * description: Cancel a job initiated by another user * message: Authentication is required to cancel a job initiated by another user * defaults: * allow_active: auth_admin * allow_any: no * allow_inactive: no == org.freedesktop.udisks.change == * description: Modify a device * message: Authentication is required to modify the device * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.udisks.change-system-internal == * description: Modify a system-internal device * message: Authentication is required to modify the device * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == org.freedesktop.udisks.drive-ata-smart-refresh == * description: Refresh ATA SMART data * message: Authentication is required to refresh ATA SMART data * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.udisks.drive-ata-smart-retrieve-historical-data == * description: Retrieve historical ATA SMART data * message: Authentication is required to retrieve historical ATA SMART data * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.udisks.drive-ata-smart-selftest == * description: Run ATA SMART Self Tests * message: Authentication is required to run ATA SMART self tests * defaults: * allow_active: auth_admin * allow_any: no * allow_inactive: no == org.freedesktop.udisks.drive-detach == * description: Detach a drive * message: Authentication is required to detach the drive * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.udisks.drive-eject == * description: Eject media from a device * message: Authentication is required to eject media from the device * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.udisks.drive-set-spindown == * description: Set drive spindown timeout * message: Authentication is required to configure drive spindown timeout * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.udisks.filesystem-check == * description: Check file system on a device * message: Authentication is required to check the file system on the device * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.udisks.filesystem-check-system-internal == * description: Check file system of a system-internal device * message: Authentication is required to check the file system on the device * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == org.freedesktop.udisks.filesystem-lsof == * description: List open files * message: Authentication is required to list open files on a mounted file system * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.udisks.filesystem-lsof-system-internal == * description: List open files on a system-internal device * message: Authentication is required to list open files on a mounted file system * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == org.freedesktop.udisks.filesystem-mount == * description: Mount a device * message: Authentication is required to mount the device * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.udisks.filesystem-mount-system-internal == * description: Mount a system-internal device * message: Authentication is required to mount the device * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == org.freedesktop.udisks.filesystem-unmount-others == * description: Unmount a device mounted by another user * message: Authentication is required to unmount devices mounted by another user * defaults: * allow_active: auth_admin * allow_any: no * allow_inactive: no == org.freedesktop.udisks.inhibit-polling == * description: Inhibit media detection * message: Authentication is required to inhibit media detection * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.udisks.linux-lvm2 == * description: Configure Linux LVM2 * message: Authentication is required to configure Linux LVM2 * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == org.freedesktop.udisks.linux-md == * description: Configure Linux Software RAID * message: Authentication is required to configure Linux Software RAID devices * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no == org.freedesktop.udisks.luks-lock-others == * description: Lock an encrypted device unlocked by another user * message: Authentication is required to lock an encrypted device unlocked by another user * defaults: * allow_active: auth_admin * allow_any: no * allow_inactive: no == org.freedesktop.udisks.luks-unlock == * description: Unlock an encrypted device * message: Authentication is required to unlock an encrypted device * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.freedesktop.upower.hibernate == * description: Hibernate the system * message: Authentication is required to hibernate the system * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.upower.qos.cancel-request == * description: Cancel a latency request * message: Authentication is required to cancel a latency request * defaults: * allow_active: auth_admin * allow_inactive: no == org.freedesktop.upower.qos.request-latency == * description: Set the required latency of an application * message: Authentication is required to set the required latency of an application * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.upower.qos.request-latency-persistent == * description: Set a persistent latency setting * message: Authentication is required to set a persistent latency setting * defaults: * allow_active: yes * allow_inactive: no == org.freedesktop.upower.qos.set-minimum-latency == * description: Set administrator settings for latency control * message: Authentication is required to set administrator settings for latency control * defaults: * allow_active: auth_admin * allow_inactive: no == org.freedesktop.upower.suspend == * description: Suspend the system * message: Authentication is required to suspend the system * defaults: * allow_active: yes * allow_inactive: no == org.gnome.settings-daemon.plugins.power.backlight-helper == * description: Modify the laptop brightness * message: Authentication is required to modify the laptop brightness * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.gnome.settings-daemon.plugins.wacom.wacom-led-helper == * description: Modify the lit LED for a Wacom tablet * message: Authentication is required to modify the lit LED for a Wacom tablet * defaults: * allow_active: yes * allow_any: no * allow_inactive: no == org.gnome.settingsdaemon.datetimemechanism.configure == * description: Change system time and date settings * message: To change time or date settings, you need to authenticate. * defaults: * allow_active: auth_admin_keep * allow_any: no * allow_inactive: no = PolicyKit package overrides = == com.ubuntu.usbcreator.image == * identity: unix-group:admin;unix-group:sudo * active: yes == com.ubuntu.usbcreator.mount == * identity: unix-group:admin;unix-group:sudo * active: yes == org.debian.apt.upgrade-packages == * identity: unix-group:admin;unix-group:sudo * active: yes == org.freedesktop.NetworkManager.settings.modify.system == * identity: unix-group:admin;unix-group:sudo * active: yes == org.freedesktop.udisks.drive-ata-smart* == * identity: unix-group:admin;unix-group:sudo * active: yes == org.freedesktop.udisks.filesystem-* == * identity: unix-group:admin;unix-group:sudo * active: yes == org.freedesktop.upower.hibernate == * identity: unix-user:* * active: no == org.gnome.clockapplet.mechanism.* == * identity: unix-group:admin;unix-group:sudo * active: yes == org.gnome.cpufreqselector == * identity: unix-group:admin;unix-group:sudo * active: yes == org.gnome.settingsdaemon.datetimemechanism.* == * identity: unix-group:admin;unix-group:sudo * active: yes == org.kde.kcontrol.kcmclock.save == * identity: unix-group:admin;unix-group:sudo * active: yes == org.opensuse.cupspkhelper.mechanism.* == * identity: unix-group:lpadmin;unix-group:admin;unix-group:sudo * active: yes = PolicyKit local overrides = None |
The pklocalauthority documentation can be found at: * http://manpages.ubuntu.com/manpages/precise/en/man8/polkit.8.html * http://manpages.ubuntu.com/manpages/precise/en/man8/pklocalauthority.8.html |
Overview
PolicyKit provides an authorization API intended to be used by privileged programs offering service to unprivileged programs. A client program calls a privileged helper program, and this helper program determines if the client is authorized for the requested action.
PolicyKit policies are XML files and are by default stored in:
- /usr/share/polkit-1/actions
A distribution may override the default policy by providing .INI style .plka files in:
- /var/lib/polkit-1/localauthority
An administrator may override the default and distribution overrides by providing .INI style .plka files in:
- /etc/polkit-1/localauthority
The pklocalauthority documentation can be found at:
http://manpages.ubuntu.com/manpages/precise/en/man8/polkit.8.html
http://manpages.ubuntu.com/manpages/precise/en/man8/pklocalauthority.8.html
PolicyKit actions (merged)
com.hp.hplip.installplugin
- description: Install a plug-in into a Hewlett-Packard printer
- message: System policy prevents installation of a printer plug-in
- defaults:
- allow_active: auth_admin
- allow_any: no
- allow_inactive: no
com.ubuntu.devicedriver.check
- description: Check for newly available drivers for, and used drivers on this system
- message: To check the driver status, you need to authenticate.
- defaults:
- allow_active: yes
- allow_inactive: yes
com.ubuntu.devicedriver.info
- description: Get information about local device drivers
- message: To query the device drivers, you need to authenticate.
- defaults:
- allow_active: yes
- allow_any: yes
- allow_inactive: yes
com.ubuntu.devicedriver.install
- description: Install or remove device drivers
- message: To install or remove device drivers, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
com.ubuntu.devicedriver.update
- description: Query local and remote driver databases for updated drivers for the system
- message: To query the driver databases for updates, you need to authenticate.
- defaults:
- allow_active: yes
- allow_inactive: yes
com.ubuntu.languageselector.setsystemdefaultlanguage
- description: Set system default language
- message: System policy prevented setting default language
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: no
com.ubuntu.softwareproperties.applychanges
- description: Write Configuration
- message: To change software repository settings, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
com.ubuntu.systemservice.getkeyboard
- description: Get current global keyboard
- message: System policy prevents querying keyboard settings
- defaults:
- allow_active: yes
- allow_inactive: yes
com.ubuntu.systemservice.getproxy
- description: Get current global proxy
- message: System policy prevents querying proxy settings
- defaults:
- allow_active: yes
- allow_inactive: yes
com.ubuntu.systemservice.ispkgsystemlocked
- description: Check if the package system is locked
- message: System policy prevents querying package system lock
- defaults:
- allow_active: yes
- allow_inactive: yes
com.ubuntu.systemservice.setkeyboard
- description: Set current global keyboard
- message: System policy prevents setting global keyboard settings
- defaults:
- allow_active: auth_admin_keep
- allow_inactive: no
com.ubuntu.systemservice.setnoproxy
- description: Set current global proxy exception
- message: System policy prevents setting no_proxy settings
- defaults:
- allow_active: auth_admin_keep
- allow_inactive: no
com.ubuntu.systemservice.setproxy
- description: Set current global proxy
- message: System policy prevents setting proxy settings
- defaults:
- allow_active: auth_admin_keep
- allow_inactive: no
com.ubuntu.usbcreator.bootloader
- description: Install the bootloader
- message: System policy prevents installing the bootloader
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
com.ubuntu.usbcreator.format
- description: Format the device
- message: System policy prevents formatting this device
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
com.ubuntu.usbcreator.image
- description: Image the device
- message: System policy prevents writing a disk image to this device
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
com.ubuntu.usbcreator.mount
- description: Mount a device
- message: System policy prevents mounting
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
com.ubuntu.whoopsiepreferences.change
- description: Privacy settings
- message: To change your privacy settings you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.cancel-foreign
- description: Cancel the task of another user
- message: To cancel someone else's software changes, you need to authenticate.
- defaults:
- allow_active: auth_admin
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.change-config
- description: Change software configuration
- message: To change software settings, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.change-repository
- description: Change software repository
- message: To change software repository settings, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.clean
- description: Remove downloaded package files
- message: To clean downloaded package files, you need to authenticate.
- defaults:
- allow_active: yes
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.get-trusted-vendor-keys
- description: List keys of trusted vendors
- message: To view the list of trusted keys, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.install-file
- description: Install package file
- message: To install this package, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.install-or-remove-packages
- description: Install or remove packages
- message: To install or remove software, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.install-packages-from-new-repo
- description: Add a new repository and install packages from it
- message: To install software from a new source, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.install-purchased-packages
- description: Add a new repository of purchased software and install packages from it
- message: To install purchased software, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.set-proxy
- description: Set a proxy for software downloads
- message: To use a proxy server for downloading software, you need to authenticate.
- defaults:
- allow_active: auth_admin
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.update-cache
- description: Update package information
- message: To update the software catalog, you need to authenticate.
- defaults:
- allow_active: yes
- allow_any: auth_admin
- allow_inactive: auth_admin
org.debian.apt.upgrade-packages
- description: Upgrade packages
- message: To install updated software, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin
- allow_inactive: auth_admin
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.debian.aptxapianindex.update
- description: Update the xapian index
- message: System policy prevents updating xapian index
- defaults:
- allow_active: yes
- allow_inactive: no
org.debian.pkexec.gnome-system-log.run
- description: Run gnome-system-log
- message: Authentication is required to run gnome-system-log
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
org.freedesktop.ModemManager.Contacts
- description: Add, modify, and delete mobile broadband contacts
- message: System policy prevents adding, modifying, or deleting this device's contacts.
- defaults:
- allow_active: auth_self_keep
- allow_inactive: no
org.freedesktop.ModemManager.Device.Control
- description: Unlock and control a mobile broadband device
- message: System policy prevents unlocking or controlling the mobile broadband device.
- defaults:
- allow_active: auth_self_keep
- allow_inactive: no
org.freedesktop.ModemManager.Device.Info
- description: Request mobile broadband device identifying information
- message: System policy prevents requesting identifying information from the mobile broadband device.
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.ModemManager.Location
- description: Enable and view geographic location and positioning information
- message: System policy prevents enabling or viewing geographic location information.
- defaults:
- allow_active: auth_self_keep
- allow_inactive: no
org.freedesktop.ModemManager.SMS
- description: Send, save, modify, and delete text messages
- message: System policy prevents sending or maniuplating this device's text messages.
- defaults:
- allow_active: auth_self_keep
- allow_inactive: no
org.freedesktop.ModemManager.USSD
- description: Query and utilize network information and services
- message: System policy prevents querying or utilizing network information and services.
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.NetworkManager.enable-disable-network
- description: Enable or disable system networking
- message: System policy prevents enabling or disabling system networking
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.NetworkManager.enable-disable-wifi
description: Enable or disable WiFi devices
message: System policy prevents enabling or disabling WiFi devices
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.NetworkManager.enable-disable-wimax
- description: Enable or disable WiMAX mobile broadband devices
- message: System policy prevents enabling or disabling WiMAX mobile broadband devices
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.NetworkManager.enable-disable-wwan
- description: Enable or disable mobile broadband devices
- message: System policy prevents enabling or disabling mobile broadband devices
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.NetworkManager.network-control
- description: Allow control of network connections
- message: System policy prevents control of network connections
- defaults:
- allow_active: yes
- allow_inactive: yes
org.freedesktop.NetworkManager.settings.modify.hostname
- description: Modify persistent system hostname
- message: System policy prevents modification of the persistent system hostname
- defaults:
- allow_active: auth_admin_keep
- allow_inactive: no
org.freedesktop.NetworkManager.settings.modify.own
- description: Modify personal network connections
- message: System policy prevents modification of personal network settings
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.NetworkManager.settings.modify.system
- description: Modify network connections for all users
- message: System policy prevents modification of network settings for all users
- defaults:
- allow_active: auth_admin_keep
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.NetworkManager.sleep-wake
description: Put NetworkManager to sleep or wake it up (should only be used by system power management)
message: System policy prevents putting NetworkManager to sleep or waking it up
- defaults:
- allow_active: no
- allow_inactive: no
org.freedesktop.NetworkManager.use-user-connections
- description: Allow use of user-specific connections
- message: System policy prevents use of user-specific connections
- defaults:
- allow_active: yes
- allow_inactive: yes
org.freedesktop.NetworkManager.wifi.share.open
description: Connection sharing via an open WiFi network
message: System policy prevents sharing connections via an open WiFi network
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.NetworkManager.wifi.share.protected
description: Connection sharing via a protected WiFi network
message: System policy prevents sharing connections via a protected WiFi network
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.RealtimeKit1.acquire-high-priority
- description: Grant high priority scheduling to a user process
- message: Authentication is required to grant an application high priority scheduling
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: yes
org.freedesktop.RealtimeKit1.acquire-real-time
- description: Grant realtime scheduling to a user process
- message: Authentication is required to grant an application realtime scheduling
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: yes
org.freedesktop.accounts.change-own-user-data
- description: Change your own user data
- message: Authentication is required to change your own user data
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.accounts.set-login-option
- description: Change the login screen configuration
- message: Authentication is required to change the login screen configuration
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
org.freedesktop.accounts.user-administration
- description: Manage user accounts
- message: Authentication is required to change user data
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
org.freedesktop.color-manager.create-device
- description: Create a color managed device
- message: Authentication is required to create a color managed device
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.color-manager.create-profile
- description: Create a color profile
- message: Authentication is required to create a color profile
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.color-manager.delete-device
- description: Remove a color managed device
- message: Authentication is required to remove a color managed device
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.color-manager.delete-profile
- description: Remove a color profile
- message: Authentication is required to remove a color profile
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.color-manager.device-inhibit
- description: Inhibit color profile selection
- message: Authentication is required to disable profile matching for a device
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.color-manager.install-system-wide
- description: Install system color profiles
- message: Authentication is required to install the color profile for all users
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
org.freedesktop.color-manager.modify-device
- description: Modify color settings for a device
- message: Authentication is required to modify the color settings for a device
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.color-manager.modify-profile
- description: Modify a color profile
- message: Authentication is required to modify a color profile
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.color-manager.sensor-lock
- description: Use color sensor
- message: Authentication is required to use the color sensor
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.consolekit.system.restart
- description: Restart the system
- message: System policy prevents restarting the system
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.consolekit.system.restart-multiple-users
- description: Restart the system when multiple users are logged in
- message: System policy prevents restarting the system when other users are logged in
- defaults:
- allow_active: auth_admin_keep
- allow_inactive: no
org.freedesktop.consolekit.system.stop
- description: Stop the system
- message: System policy prevents stopping the system
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.consolekit.system.stop-multiple-users
- description: Stop the system when multiple users are logged in
- message: System policy prevents stopping the system when other users are logged in
- defaults:
- allow_active: auth_admin_keep
- allow_inactive: no
org.freedesktop.hostname1.set-hostname
- description: Set host name
- message: Authentication is required to set the local host name.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin_keep
- allow_inactive: auth_admin_keep
org.freedesktop.hostname1.set-machine-info
- description: Set machine information
- message: Authentication is required to set local machine information.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin_keep
- allow_inactive: auth_admin_keep
org.freedesktop.hostname1.set-static-hostname
- description: Set static host name
- message: Authentication is required to set the statically configured local host name, as well as the pretty host name.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin_keep
- allow_inactive: auth_admin_keep
org.freedesktop.locale1.set-keyboard
- description: Set system keyboard settings
- message: Authentication is required to set the system keyboard settings.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin_keep
- allow_inactive: auth_admin_keep
org.freedesktop.locale1.set-locale
- description: Set system locale
- message: Authentication is required to set the system locale.
- defaults:
- allow_active: auth_admin_keep
- allow_any: auth_admin_keep
- allow_inactive: auth_admin_keep
org.freedesktop.policykit.exec
- description: Run programs as another user
- message: Authentication is required to run a program as another user
- defaults:
- allow_active: auth_admin
- allow_any: auth_admin
- allow_inactive: auth_admin
org.freedesktop.policykit.lockdown
- description: Configure lock down for an action
- message: Authentication is required to configure lock down policy
- defaults:
- allow_active: auth_admin
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.cancel-job-others
- description: Cancel a job initiated by another user
- message: Authentication is required to cancel a job initiated by another user
- defaults:
- allow_active: auth_admin
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.change
- description: Modify a device
- message: Authentication is required to modify the device
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.change-system-internal
- description: Modify a system-internal device
- message: Authentication is required to modify the device
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.drive-ata-smart-refresh
- description: Refresh ATA SMART data
- message: Authentication is required to refresh ATA SMART data
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.udisks.drive-ata-smart-retrieve-historical-data
- description: Retrieve historical ATA SMART data
- message: Authentication is required to retrieve historical ATA SMART data
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.udisks.drive-ata-smart-selftest
- description: Run ATA SMART Self Tests
- message: Authentication is required to run ATA SMART self tests
- defaults:
- allow_active: auth_admin
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.udisks.drive-detach
- description: Detach a drive
- message: Authentication is required to detach the drive
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.drive-eject
- description: Eject media from a device
- message: Authentication is required to eject media from the device
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.drive-set-spindown
- description: Set drive spindown timeout
- message: Authentication is required to configure drive spindown timeout
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.filesystem-check
- description: Check file system on a device
- message: Authentication is required to check the file system on the device
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.udisks.filesystem-check-system-internal
- description: Check file system of a system-internal device
- message: Authentication is required to check the file system on the device
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.udisks.filesystem-lsof
- description: List open files
- message: Authentication is required to list open files on a mounted file system
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.udisks.filesystem-lsof-system-internal
- description: List open files on a system-internal device
- message: Authentication is required to list open files on a mounted file system
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.udisks.filesystem-mount
- description: Mount a device
- message: Authentication is required to mount the device
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.udisks.filesystem-mount-system-internal
- description: Mount a system-internal device
- message: Authentication is required to mount the device
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.udisks.filesystem-unmount-others
- description: Unmount a device mounted by another user
- message: Authentication is required to unmount devices mounted by another user
- defaults:
- allow_active: auth_admin
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
org.freedesktop.udisks.inhibit-polling
- description: Inhibit media detection
- message: Authentication is required to inhibit media detection
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.linux-lvm2
- description: Configure Linux LVM2
- message: Authentication is required to configure Linux LVM2
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.linux-md
- description: Configure Linux Software RAID
- message: Authentication is required to configure Linux Software RAID devices
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.luks-lock-others
- description: Lock an encrypted device unlocked by another user
- message: Authentication is required to lock an encrypted device unlocked by another user
- defaults:
- allow_active: auth_admin
- allow_any: no
- allow_inactive: no
org.freedesktop.udisks.luks-unlock
- description: Unlock an encrypted device
- message: Authentication is required to unlock an encrypted device
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.freedesktop.upower.hibernate
- description: Hibernate the system
- message: Authentication is required to hibernate the system
- defaults:
- allow_active: yes
- allow_inactive: no
- overrides (package)
- identity: unix-user:*
- allow_active: no
- identity: unix-user:*
org.freedesktop.upower.qos.cancel-request
- description: Cancel a latency request
- message: Authentication is required to cancel a latency request
- defaults:
- allow_active: auth_admin
- allow_inactive: no
org.freedesktop.upower.qos.request-latency
- description: Set the required latency of an application
- message: Authentication is required to set the required latency of an application
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.upower.qos.request-latency-persistent
- description: Set a persistent latency setting
- message: Authentication is required to set a persistent latency setting
- defaults:
- allow_active: yes
- allow_inactive: no
org.freedesktop.upower.qos.set-minimum-latency
- description: Set administrator settings for latency control
- message: Authentication is required to set administrator settings for latency control
- defaults:
- allow_active: auth_admin
- allow_inactive: no
org.freedesktop.upower.suspend
- description: Suspend the system
- message: Authentication is required to suspend the system
- defaults:
- allow_active: yes
- allow_inactive: no
org.gnome.settings-daemon.plugins.power.backlight-helper
- description: Modify the laptop brightness
- message: Authentication is required to modify the laptop brightness
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.gnome.settings-daemon.plugins.wacom.wacom-led-helper
- description: Modify the lit LED for a Wacom tablet
- message: Authentication is required to modify the lit LED for a Wacom tablet
- defaults:
- allow_active: yes
- allow_any: no
- allow_inactive: no
org.gnome.settingsdaemon.datetimemechanism.configure
- description: Change system time and date settings
- message: To change time or date settings, you need to authenticate.
- defaults:
- allow_active: auth_admin_keep
- allow_any: no
- allow_inactive: no
- overrides (package)
- identity: unix-group:admin;unix-group:sudo
- allow_active: yes
- identity: unix-group:admin;unix-group:sudo
SecurityTeam/PolicyKitPermissions/12.04 (last edited 2013-04-16 13:26:04 by jdstrand)