From: Leo Prikler <leo.prikler@student.tugraz.at>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: Wheel group as polkit admins
Date: Sat, 23 Nov 2019 20:08:39 +0100 [thread overview]
Message-ID: <3b18f59a286f79cbf648f35143bdec9ffd8717fe.camel@student.tugraz.at> (raw)
In-Reply-To: <87imna4im0.fsf@gnu.org>
[-- Attachment #1: Type: text/plain, Size: 1484 bytes --]
Hi Ludo,
Am Samstag, den 23.11.2019, 18:17 +0100 schrieb Ludovic Courtès:
> Hi Leo,
>
> Leo Prikler <leo.prikler@student.tugraz.at> skribis:
>
> > Thanks for the hint. Since it's all just static text, I don't
> > really
> > need the whole Guile power of computed-file, so I've shortened it
> > to:
> >
> > (define polkit-wheel
> > (file-union
> > "polkit-wheel"
> > `(("share/polkit-1/rules.d/wheel.rules"
> > ,(plain-file
> > "wheel.rules"
> > "polkit.addAdminRule(function(action, subject) {
> > return [\"unix-group:wheel\"];
> > });
> > ")))))
>
> Neat.
>
> > > Should we make that the default, BTW? It would seem to make
> > > sense as
> > > that’s the whole point of the “wheel” group.
> > >
> > > What do people think?
> >
> > I'm probably biased as the author of this service, but I think it
> > would
> > probably make sense to include it in %desktop-services. Perhaps we
> > could even add wheel.rules to polkit-service-type itself, although
> > I'm
> > somewhat conflicted on that, as one could not opt out.
>
> Yeah, let’s make it a separate service like you did.
>
> Could you send a patch that does that?
>
> Thanks!
>
> Ludo’.
Sure. I've split it up into two patches – one for the service itself,
and one to add it to %desktop-services. Also I'm using a simple-
service instead of a service type, but it still serves the same
purpose.
Regards,
Leo
[-- Attachment #2: 0001-services-Add-polkit-wheel-service.patch --]
[-- Type: text/x-patch, Size: 1364 bytes --]
From 42eedd4d9d64a8432f787e68d64476c59200c1b6 Mon Sep 17 00:00:00 2001
From: Leo Prikler <leo.prikler@student.tugraz.at>
Date: Sat, 23 Nov 2019 19:51:15 +0100
Subject: [PATCH 1/2] services: Add polkit-wheel-service.
* gnu/services/desktop.scm: (polkit-wheel): New variable.
(polkit-wheel-service): New service.
---
gnu/services/desktop.scm | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 0152e86e8a..e58a08e068 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -135,6 +135,8 @@
inputattach-configuration?
inputattach-service-type
+ polkit-wheel-service
+
%desktop-services))
;;; Commentary:
@@ -1064,6 +1066,25 @@ as expected.")))
(description "Return a service that runs inputattach on a device and
dispatches events from it.")))
+\f
+;;;
+;;; polkit-wheel-service
+;;;
+
+(define polkit-wheel
+ (file-union
+ "polkit-wheel"
+ `(("share/polkit-1/rules.d/wheel.rules"
+ ,(plain-file
+ "wheel.rules"
+ "polkit.addAdminRule(function(action, subject) {
+ return [\"unix-group:wheel\"];
+});
+")))))
+
+(define polkit-wheel-service
+ (simple-service 'polkit-wheel polkit-service-type (list polkit-wheel)))
+
\f
;;;
;;; The default set of desktop services.
--
2.24.0
[-- Attachment #3: 0002-services-Add-polkit-wheel-service-to-desktop-service.patch --]
[-- Type: text/x-patch, Size: 1040 bytes --]
From 1585513cc6d96e2f32a56850c9c26551a29d9f0f Mon Sep 17 00:00:00 2001
From: Leo Prikler <leo.prikler@student.tugraz.at>
Date: Sat, 23 Nov 2019 19:58:11 +0100
Subject: [PATCH 2/2] services: Add polkit-wheel-service to %desktop-services.
* gnu/services/desktop.scm: (%desktop-services): Add polkit-wheel-service.
---
gnu/services/desktop.scm | 3 +++
1 file changed, 3 insertions(+)
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index e58a08e068..9b8d5be905 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -1101,6 +1101,9 @@ dispatches events from it.")))
;; Add udev rules for MTP devices so that non-root users can access
;; them.
(simple-service 'mtp udev-service-type (list libmtp))
+ ;; Add polkit rules, so that non-root users in the wheel group can
+ ;; perform administrative tasks (similar to "sudo").
+ polkit-wheel-service
;; NetworkManager and its applet.
(service network-manager-service-type)
--
2.24.0
next prev parent reply other threads:[~2019-11-23 19:08 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-09 14:40 Wheel group as polkit admins Leo Prikler
2019-11-17 16:46 ` Ludovic Courtès
2019-11-17 17:52 ` Leo Prikler
2019-11-23 17:17 ` Ludovic Courtès
2019-11-23 19:08 ` Leo Prikler [this message]
2019-11-26 10:17 ` Ludovic Courtès
2019-11-26 12:35 ` Leo Prikler
2019-11-30 22:51 ` Ludovic Courtès
2019-11-17 18:18 ` Marius Bakke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3b18f59a286f79cbf648f35143bdec9ffd8717fe.camel@student.tugraz.at \
--to=leo.prikler@student.tugraz.at \
--cc=guix-devel@gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.