16

I'm trying to write a new .rules file for PolicyKit. My test attempt (in the directory /etc/polkit-1/rules.d/) looks like this: 

polkit.addRule(function(action, subject) {
    polkit.spawn(["rm","/home/gabriel/test"]);
    if (action.id == "org.freedesktop.policykit.exec") {
        polkit.log("action=" + action);
        polkit.log("subject=" + subject);
    }
    return polkit.Result.NOT_HANDLED;
});

But as far as I can tell, this code is never run. The test file is still there, and there's no log output after running something like $ pkexec -u otheruser bash

(I have tried marking the .rules files as executable.)

Keidax
  • 771
  • 3
  • 9
  • 20

3 Answers3

23

If you are on Ubuntu 22.04 (or lower) then you are still using the old version of PolKit, where there are no .rules files but only .pkla and .conf files.

On the command prompt, do:

pkaction --version

If it says < 0.106, then you can only use the old syntax.

You can create a .pkla file in /etc/polkit-1/localauthority/, see man pklocalauthority for directions and examples.

Peter Evselyev
  • 93
  • 6
Bart
  • 241
  • 2
  • 5
  • 1
    Ubuntu 15.10 is still on the old version. ````pkaction --version```` gives ````pkaction version 0.105```` – Roger Binns Mar 24 '16 at 17:38
  • 6
    Ubuntu 18.04 still carries 0.105!!!! Oh, my!!!! – Osqui Dec 13 '17 at 23:41
  • 1
    And even no 0.106+ version is in repos for Ubuntu! OMG! – Suncatcher May 06 '18 at 08:07
  • 2
    ubuntu 19.04 `pkaction version 0.105`. New rules files are written in JavaScript unsupported. – Denis Denisov Nov 18 '18 at 22:08
  • 3
    Ubuntu 20.04 still uses 0.105 – Fernando Silveira Aug 24 '20 at 15:27
  • 1
    Ubuntu 20.10 still uses 0.105!!!! I can't believe ubuntu is using an 8-year-old version of polkit. – Thayne Nov 06 '20 at 17:31
  • What if I have a `.rules` file like in the question? I simply change its extension and move it to `/etc/polkit-1/localauthority/`? – Adrian Feb 13 '22 at 15:18
  • [This has some of the reasoning behind refusing to upgrade](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946231#10) it.. (Ubuntu is debian with a few extra things added) – Gert van den Berg Nov 07 '22 at 09:16
  • A newer version was [merged into Debian unstable (sid) in October 2022](https://packages.debian.org/sid/policykit-1) (which forms the basis for Ubuntu, so a newer version might be available in 23.04 and the next LTS (likely 24.04) `121+compat0.1-5` was the first newer version to get out of experimental – Gert van den Berg Nov 07 '22 at 09:25
0

The following worked for me (ubuntu 22.04 with pkaction version 0.105):

Edit the following file:

/var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla

And make the first section look like:

[Mounting, checking, etc. of internal drives]
Identity=unix-group:admin;unix-group:sudo
Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.filesystem-mount-other-seat;
ResultAny=yes
ResultInactive=yes
ResultActive=yes

Reboot is not required. Works just after you edit the file.

Note I added "org.freedesktop.udisks2.filesystem-mount-other-seat" here. In my case, when I was trying to mount a disk from commandline, I was receiving the following message:

$ udisksctl mount -b /dev/sdb1
==== AUTHENTICATING FOR org.freedesktop.udisks2.filesystem-mount-other-seat ===
Authentication is required to mount WD Elements 25A3 (/dev/sdb1)
Authenticating as: User,,, (user)
zpetukhov
  • 116
  • 5
0

To work as expected, you have to put your own .rules files in:

/usr/share/polkit-1/rules.d

Note that it should also solve this question.

Community
  • 1
Sylvain Pineau
  • 61,564
  • 18
  • 149
  • 183
  • Moving the file there didn't seem to change anything. Also, according to [the polkit docs](http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html) and [the Arch wiki](https://wiki.archlinux.org/index.php/PolicyKit), `/etc/polkit-1/rules.d` should be used for user configuration. So I'm not sure what difference changing directories makes. – Keidax Oct 13 '14 at 16:47
  • @Keidax: what's the name of your `.rules` file? – Sylvain Pineau Oct 13 '14 at 16:49
  • 2
    Currently `/usr/share/polkit-1/rules.d/10-udisks-personal.rules` – Keidax Oct 13 '14 at 16:51