 music |
 | OSdata.com |
This subchapter looks at polkit, a UNIX (and Linux) command.
polkit is used to control system-wide privileges.
free book on UNIX/Linux System AdministrationTeach Yourself UNIX/Linux System Administration and Shell Programming free computer programming text book projecttable of contents
|
This subchapter looks at polkit, a UNIX (and Linux) command.
polkit is used to control system-wide privileges.
polkit can be used to run privileged commands by typing pkexec, followed by the intended command:
$ pkexec cat README
It is generally recommended to use sudo rather than pkexec, because sudo provides greater flexibity and security.
While polkit is not part of the official Mac OS X release from Apple, it can be installed on mac OS X.
pkexec never does any validation of the ARGUMENTS passed to a program.
X11 (and other graphic) programs won’t run by default with polkit because the $DISPLAY environment variable is not set. The following information from the pkexec manual describes how to set pkexec so that it can run a graphic program.
To specify what kind of authorization is needed to execute the program
/usr/bin/pk-example-frobnicate as another user, simply write an action
definition file like this
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<vendor>Examples for the PolicyKit Project</vendor>
<vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
<action id="org.freedesktop.policykit.example.pkexec.run-frobnicate">
<description>Run the PolicyKit example program Frobnicate</description>
<description xml:lang="da">Kør PolicyKit eksemplet Frobnicate</description>
<message>Authentication is required to run the PolicyKit example program Frobnicate</message>
<message xml:lang="da">Autorisering er påkrævet for at afvikle PolicyKit eksemplet Frobnicate</message>
<icon_name>audio-x-generic</icon_name>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_self_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pk-example-frobnicate</annotate>
</action>
</policyconfig>
and drop it in the /usr/share/polkit-1/actions directory under a
suitable name (e.g. matching the namespace of the action). Note that in
addition to specifying the program, the authentication message,
description, icon and defaults can be specified. For example, for the
action defined above, the following authentication dialog will be
shown:
[IMAGE][2]
+----------------------------------------------------------+
| Authenticate [X] |
+----------------------------------------------------------+
| |
| [Icon] Authentication is required to run the PolicyKit |
| example program Frobnicate |
| |
| An application is attempting to perform an |
| action that requires privileges. Authentication |
| is required to perform this action. |
| |
| Password: [__________________________________] |
| |
| [V] Details: |
| Command: /usr/bin/pk-example-frobnicate |
| Run As: Super User (root) |
| Action: org.fd.pk.example.pkexec.run-frobnicate |
| Vendor: Examples for the PolicyKit Project |
| |
| [Cancel] [Authenticate] |
+----------------------------------------------------------+
If the user is using the da_DK locale, the dialog looks like this:
[IMAGE][3]
+----------------------------------------------------------+
| Autorisering [X] |
+----------------------------------------------------------+
| |
| [Icon] Autorisering er pŒkr¾vet for at afvikle |
| PolicyKit eksemplet Frobnicate |
| |
| Et program fors¿ger at udf¿re en handling der |
| kr¾ver privilegier. Autorisering er pŒkr¾vet. |
| |
| Kodeord: [___________________________________] |
| |
| [V] Detaljer: |
| Bruger: Super User (root) |
| Program: /usr/bin/pk-example-frobnicate |
| Handling: org.fd.pk.example.pkexec.run-frobnicate |
| Vendor: Examples for the PolicyKit Project |
| |
| [AnnullŽr] [Autorisering] |
+----------------------------------------------------------+
Note that pkexec does no validation of the ARGUMENTS passed to PROGRAM.
In the normal case (where administrator authentication is required
every time pkexec is used), this is not a problem since if the user is
an administrator he might as well just run pkexec bash to get root.
However, if an action is used for which the user can retain
authorization (or if the user is implicitly authorized), such as with
pk-example-frobnicate above, this could be a security hole. Therefore,
as a rule of thumb, programs for which the default required
authorization is changed, should never implicitly trust user input
(e.g. like any other well-written suid program).
Coding example: I am making heavily documented and explained open source code for a method to play music for free — almost any song, no subscription fees, no download costs, no advertisements, all completely legal. This is done by building a front-end to YouTube (which checks the copyright permissions for you).
View music player in action: www.musicinpublic.com/.
Create your own copy from the original source code/ (presented for learning programming).
return to table of contents
free downloadable college text book
free downloadable system administrator and shell programming book
Because I no longer have the computer and software to make PDFs, the book is available as an HTML file, which you can convert into a PDF.
 |
 |
| previous page | next page |
| Tweets by @osdata |
free book on UNIX/Linux System AdministrationTeach Yourself UNIX/Linux System Administration and Shell Programming free computer programming text book projectBuilding a free downloadable text book on computer programming for university, college, community college, and high school classes in computer programming. If you like the idea of this project, Supporting the entire project: If you have a business or organization that can support the entire cost of this project, please contact Pr Ntr Kmt (my church) Some or all of the material on this web page appears in the |
This web site handcrafted on Macintosh 
computers using Tom Bender’s Tex-Edit Plus 
and served using FreeBSD 
.
†UNIX used as a generic term unless specifically used as a trademark (such as in the phrase “UNIX certified”). UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company Ltd.
Names and logos of various OSs are trademarks of their respective owners.
Copyright © 2014 Milo
Created: January 9, 2014
Last Updated: June 8, 2014
return to table of contents
free downloadable college text book
free downloadable system administrator and shell programming book
|
|
| previous page | next page |
