diff options
author | Ondrej Holy <oholy@redhat.com> | 2021-05-12 10:19:56 +0200 |
---|---|---|
committer | Ondrej Holy <oholy@redhat.com> | 2021-06-07 07:28:17 +0000 |
commit | 141eee12c5c6c37e098cef2f1a80d1df58168d5b (patch) | |
tree | 1dc3fdeedb85fad3fc12b85255c5bf7db6c06526 /daemon/org.gtk.vfs.file-operations.rules.in | |
parent | dede4bbda08a02c47b917c03eaf59e994b15edbb (diff) | |
download | gvfs-141eee12c5c6c37e098cef2f1a80d1df58168d5b.tar.gz |
admin: Make the privileged group configurable
Currently, `wheel` group is hardcoded in the `.rules` file which is there
to prevent redundant password prompt when starting gvfsd-admin. The Debian
based systems obviously uses `sudo` group instead of `wheel`. Let's make
the privileged group configurable.
https://gitlab.gnome.org/GNOME/gvfs/-/issues/565
Diffstat (limited to 'daemon/org.gtk.vfs.file-operations.rules.in')
-rw-r--r-- | daemon/org.gtk.vfs.file-operations.rules.in | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/daemon/org.gtk.vfs.file-operations.rules.in b/daemon/org.gtk.vfs.file-operations.rules.in new file mode 100644 index 00000000..a3a2f643 --- /dev/null +++ b/daemon/org.gtk.vfs.file-operations.rules.in @@ -0,0 +1,13 @@ +// Allows users belonging to privileged group to start gvfsd-admin without +// authorization. This prevents redundant password prompt when starting +// gvfsd-admin. The gvfsd-admin causes another password prompt to be shown +// for each client process using the different action id and for the subject +// based on the client process. +polkit.addRule(function(action, subject) { + if ((action.id == "org.gtk.vfs.file-operations-helper") && + subject.local && + subject.active && + subject.isInGroup ("@PRIVILEGED_GROUP@")) { + return polkit.Result.YES; + } +}); |