问题描述:

My GUI will started as an user. There is an update-mechanism in the program, which calls a wrapper-script with root rights. For that i used gksudo, until i realized, that it is replaced by pkexec.

If i just replaced gksudo by pkexec it works quite fine. But i want to have an own message to the user. Therefore i have to modify or generate a xml-policy file in /usr/share/polkit-1/actions

My problem is, when i call

pkexec <my-program>

I'll get this prompt, which refers in Details-->Action to org.freedesktop.policykit.exec.

Do i have to place an action id-entry to this xml-file (org.freedesktop.policykit.exec) or do i have to create my own .policy file named com.myStuff.updater.policy into /usr/share/polkit-1/actions?

 <vendor>myStuff</vendor>

<vendor_url>http://myStuff.com</vendor_url>

<icon_name>myStuff</icon_name>

<action id="com.myStuff.updater">

<description>My description</description>

<message>My message</message>

<defaults>

<allow_any>no</allow_any>

<allow_inactive>no</allow_inactive>

<allow_active>auth_self_keep</allow_active>

</defaults>

<annotate key="com.myStuff.updater.exec.path">/my/path/to/wrapper.sh</annotate>

<annotate key="com.myStuff.updater.exec.allow_gui">true</annotate>

</action>

Or should i call my whole application in my .desktop-file with pkexec?

网友答案:

I strongly suggest creating your own .policy file and leave org.freedesktop.policykit.exec alone, for several reasons:

  • pkexec does not work as expected under certain circunstances, in Terminal, in .desktop files, etc. This is actually a Gnome bug about double-fork.

  • With your own .policy file you edit it at will and even configure it for password-less root privileges for your script! And that's a very interesting feature!

  • You could invoke your script simply using its name, as any other command, no need to prepend it with pkexec or sudo or anything so it would work anywhere.

You may use gparted's policy file as a template.

相关阅读:
Top