djk44883 wrote:and just swap between tabs ...
Listing polkit files will not give you any information of the environement used by Polkit to find program policies.
Policykit-1 is used by Debian since something about
2009 (version 0.95-1)
https://lists.debian.org/debian-testing ... 00019.html
Examples of policies placement:
---------------
policykit-1: /usr/share/polkit-1/actions/org.freedesktop.policykit.policy
kdelibs5-data: /usr/share/kde4/apps/kjava/kjava.policy
freeplane: /usr/share/freeplane/freeplane.policy
isakmpd: /etc/isakmpd/isakmpd.policy
openjdk-11-jre-headless: /etc/java-11-openjdk/security/java.policy
tomcat9: /etc/tomcat9/policy.d/01system.policy
---------------
An interesting one to understand Policykit is
udisks2, which policy is at /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy
Mounting a disk partition in a terminal requires root permission.
But in a desktop environment, a user can plug a USB key, mount it and use it.
The USB key will be mounted at
/media/$USER/$DISK_LABEL, without requesting any root permission.
The disk partitions visible in a file manager can be mounted by a user, if allowed at visudo level, but a password will be requested.
Policykit is managing these permission mechanisms at higher level, making the bridge with visudo.
Only programs used in a desktop environment really requiring specific permissions have Polkit policies.
Others do not have any Polkit policies, because not needed, not necessary.
A terminal does not need any Polkit policies.
But if a user for unclear justification insists to open a terminal in a root graphic environment, and not his own user environment, he normally can with
pkexec.
Code: Select all
pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY xterm
It works for me, in a KDE environment. It does not work apparently for others. Don't know why, but as it is not necessary and not recommended, it does not seem to be a real issue.
It seems that Polkit problems are more concentrated on gnome. I've seen in this forum a user who had problems to mount disk partition in "thunar" where I never had in Dolphin.
Code: Select all
# pkexec env
SHELL=/bin/bash
PATH=/usr/sbin:/usr/bin:/sbin:/bin:/root/bin
LOGNAME=root
USER=root
HOME=/root
PKEXEC_UID=1000