PolicyKit/doc/spec polkit-spec.html,1.5,1.6
David Zeuthen
david at kemper.freedesktop.org
Tue Jun 6 07:48:29 PDT 2006
Update of /cvs/hal/PolicyKit/doc/spec
In directory kemper:/tmp/cvs-serv28998/doc/spec
Modified Files:
polkit-spec.html
Log Message:
2006-06-06 David Zeuthen <davidz at redhat.com>
Patch from Frederic Peters <fpeters at entrouvert.com>. jhbuild
monitors files being installed and prevents them from being
written out of its target directory. This means HAL now prevents
jhautobuild[1] to complete since pam-polkit-console hardcodes
/lib/security. Attached is a patch with a configure
option (--with-pam-module-dir) so it is possible to set an other
directory. [1] http://jhbuild.bxlug.be
* pam-polkit-console/Makefile.am:
* configure.in:
Index: polkit-spec.html
===================================================================
RCS file: /cvs/hal/PolicyKit/doc/spec/polkit-spec.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- polkit-spec.html 6 Jun 2006 11:55:50 -0000 1.5
+++ polkit-spec.html 6 Jun 2006 14:48:27 -0000 1.6
@@ -1,10 +1,10 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>PolicyKit 0.2 Specification</title><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="index"></a>PolicyKit 0.2 Specification</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Zeuthen</span></h3><div class="affiliation"><div class="address"><p><br>
<code class="email"><<a href="mailto:david at fubar.dk">david at fubar.dk</a>></code><br>
- </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2484164">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2484188">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2514878">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2479395">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2479620">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2483424">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2483501">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2483526"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2483555"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2483588"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2479219"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2523872"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2484164">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2484164"></a>About</h2></div></div></div><p>
+ </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2867132">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2867155">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2897848">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2862356">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2862581">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2866392">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2866469">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2866494"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2866523"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2866556"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2862178"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2906842"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2867132">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2867132"></a>About</h2></div></div></div><p>
PolicyKit is a system for enabling unprivileged desktop
applications to invoke privileged methods on system-wide
components in a controlled manner.
- </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2484188">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2514878">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2479395">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2484188"></a>Privileges</h2></div></div></div><p>
+ </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2867155">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2897848">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2862356">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2867155"></a>Privileges</h2></div></div></div><p>
One major concept of the PolicyKit system is the notion of
privileges; a <span class="emphasis"><em>PolicyKit privilege</em></span>
(referred to simply as
@@ -17,7 +17,7 @@
allowed to invoke a method, the system level component defines
a set of
<span class="emphasis"><em>privileges</em></span>.
- </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2514878"></a>Architecture</h2></div></div></div><p>
+ </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2897848"></a>Architecture</h2></div></div></div><p>
The PolicyKit system is basically client/server and is
implemented as the
system-wide <code class="literal">org.freedesktop.PolicyKit</code> D-BUS
@@ -34,7 +34,7 @@
In addition, the PolicyKit system includes client side
libraries and command-line utilities wrapping the D-BUS API of
the <code class="literal">org.freedesktop.PolicyKit</code> service.
- </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2479395"></a>Example</h2></div></div></div><p>
+ </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2862356"></a>Example</h2></div></div></div><p>
As an example, HAL exports the method <code class="literal">Mount</code>
on the
<code class="literal">org.freedesktop.Hal.Device.Volume</code> interface
@@ -96,20 +96,20 @@
<img src="polkit-arch.png">
</p><p>
The whole example is outlined in the diagram above.
- </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2479620">Resource Identifiers</a></span></dt></dl></div><p>
+ </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2862581">Resource Identifiers</a></span></dt></dl></div><p>
PolicyKit allows granting privileges only on
certain <span class="emphasis"><em>resources</em></span>. For example, for HAL, it
is possible to grant the
privilege <span class="emphasis"><em>hal-storage-fixed-mount</em></span> to the
user with uid 500 but only for the HAL device object
representing e.g. the <code class="literal">/dev/hda3</code> partition.
- </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2479620"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying
+ </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2862581"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying
what service they belong to. The following resource
identifiers are defined
</p><div class="itemizedlist"><ul type="disc"><li><p>
<code class="literal">hal://</code>
HAL Unique Device Identifiers also known as HAL UID's. Example: <code class="literal">hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5</code>
- </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2483424">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2483501">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2483526"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2483555"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2483588"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2479219"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2523872"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2483424"></a>Privilege Descriptors</h2></div></div></div><p>
+ </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2866392">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2866469">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2866494"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2866523"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2866556"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2862178"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2906842"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2866392"></a>Privilege Descriptors</h2></div></div></div><p>
Applications, such as HAL, installs <span class="emphasis"><em>privilege
descriptors</em></span> into
the <code class="literal">/etc/PolicyKit/privilege.d</code> directory
@@ -128,7 +128,7 @@
Information on whether the user can obtain the privilege, and if he can, whether only temporarily or permanently.
</p></li><li><p>
Whether a user with the privilege may permanently grant it to other users.
- </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2483501"></a>File Format</h2></div></div></div><p>
+ </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2866469"></a>File Format</h2></div></div></div><p>
A developer of a system-wide application wanting to define a
privilege must create a privilege descriptor. This is a a
simple <code class="literal">.ini</code>-like config file. Here is what
@@ -142,7 +142,7 @@
CanObtain=
CanGrant=
ObtainRequireRoot=
- </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2483526"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p>
+ </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2866494"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p>
This is a list of privileges the user must possess in order
to possess the given privilege. If the user doesn't possess
all of these privileges he is not considered to possess the
@@ -151,7 +151,7 @@
for one or more resources. E.g., if <code class="literal">foo</code>
is a required privilege then just having this privilege on
one resource is sufficient.
- </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2483555"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p>
+ </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2866523"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p>
This is a list of privileges that, if a user possess any of
these, he is consider to possess the given privilege. The
list may be empty. A privilege in this list is considered
@@ -159,7 +159,7 @@
resources. As with <code class="literal">RequiredPrivileges</code>,
if <code class="literal">foo</code> is a sufficient privilege then
just having this privilege on one resource is sufficient.
- </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2483588"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p>
+ </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2866556"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p>
Both <code class="literal">Allow</code> and <code class="literal">Deny</code>
contains lists describing what users are allowed
respectively denied the privilege. The elements of in each
@@ -258,7 +258,7 @@
has <code class="literal">CanObtain</code> set
to <code class="literal">False</code>, the user will always have to
authenticate as the super user.
- </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2479219"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p>
+ </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2862178"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p>
This property (it can assume the
values <code class="literal">True</code> and <code class="literal">False</code>)
describes whether an user with the given privilege can
@@ -289,7 +289,7 @@
the value <code class="literal">True</code> if this property assumes
the value <code class="literal">True</code>. Otherwise this property
effectively assumes the value <code class="literal">False</code>.
- </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2523872"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p>
+ </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2906842"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p>
If the property <code class="literal">CanObtain</code> assumes the
value <code class="literal">True</code>
or <code class="literal">Temporary</code> it means the user can
More information about the hal-commit
mailing list