admin: Make the privileged group configurable

Currently, `wheel` group is hardcoded in the `.rules` file which is there
to prevent redundant password prompt when starting gvfsd-admin. The Debian
based systems obviously uses `sudo` group instead of `wheel`. Let's make
the privileged group configurable.

https://gitlab.gnome.org/GNOME/gvfs/-/issues/565

1 files changed, 13 insertions, 0 deletions

diff --git a/daemon/org.gtk.vfs.file-operations.rules.in b/daemon/org.gtk.vfs.file-operations.rules.in
new file mode 100644
index 00000000..a3a2f643
--- /dev/null
+++ b/daemon/org.gtk.vfs.file-operations.rules.in
@@ -0,0 +1,13 @@
+// Allows users belonging to privileged group to start gvfsd-admin without
+// authorization. This prevents redundant password prompt when starting
+// gvfsd-admin. The gvfsd-admin causes another password prompt to be shown
+// for each client process using the different action id and for the subject
+// based on the client process.
+polkit.addRule(function(action, subject) {
+        if ((action.id == "org.gtk.vfs.file-operations-helper") &&
+            subject.local &&
+            subject.active &&
+            subject.isInGroup ("@PRIVILEGED_GROUP@")) {
+            return polkit.Result.YES;
+        }
+});