polkit: disable all users except those in group wheel?

Posted by John Nash on Ask Ubuntu See other posts from Ask Ubuntu or by John Nash
Published on 2012-09-04T18:52:29Z Indexed on 2012/09/04 21:50 UTC
Read the original article Hit count: 988

Is it possible to do the following using 1 polkit .pkla file?

  1. Disable all users except those in the wheel group from using polkit.
  2. The users in the wheel group will need to provide the root password when using polkit.

/etc/polkit-1/localauthority/50-local.d/wheel-only.pkla

[disable all users except the wheel group]
Identity=unix-group:wheel
Action=*
ResultAny=???
ResultInactive=???
ResultActive=???

The following file works but you need to provide all the users in /etc/group:

[disable all users except those in the wheel group: root and myuser]
Identity=unix-user:daemon;unix-user:bin;unix-user:sys;unix-user:adm;unix-user:tty;unix-user:disk;unix-user:lp;unix-user:mail;unix-user:news;unix-user:uucp;unix-user:man;unix-user:proxy;unix-user:kmem;unix-user:dialout;unix-user:fax;unix-user:voice;unix-user:cdrom;unix-user:floppy;unix-user:tape;unix-user:sudo;unix-user:audio;unix-user:dip;unix-user:www-data;unix-user:backup;unix-user:operator;unix-user:list;unix-user:irc;unix-user:src;unix-user:gnats;unix-user:shadow;unix-user:utmp;unix-user:video;unix-user:sasl;unix-user:plugdev;unix-user:staff;unix-user:games;unix-user:users;unix-user:nogroup;unix-user:libuuid;unix-user:crontab;unix-user:messagebus;unix-user:Debian-exim;unix-user:mlocate;unix-user:avahi;unix-user:netdev;unix-user:bluetooth;unix-user:lpadmin;unix-user:ssl-cert;unix-user:fuse;unix-user:utempter;unix-user:Debian-gdm;unix-user:scanner;unix-user:saned;unix-user:i2c;unix-user:haldaemon;unix-user:powerdev
Action=*
ResultAny=no
ResultInactive=no
ResultActive=no

© Ask Ubuntu or respective owner

Related posts about permissions

Related posts about security