diff options
author | Ondrej Holy <oholy@redhat.com> | 2021-05-12 10:19:56 +0200 |
---|---|---|
committer | Ondrej Holy <oholy@redhat.com> | 2021-06-07 07:28:17 +0000 |
commit | 141eee12c5c6c37e098cef2f1a80d1df58168d5b (patch) | |
tree | 1dc3fdeedb85fad3fc12b85255c5bf7db6c06526 /daemon | |
parent | dede4bbda08a02c47b917c03eaf59e994b15edbb (diff) | |
download | gvfs-141eee12c5c6c37e098cef2f1a80d1df58168d5b.tar.gz |
admin: Make the privileged group configurable
Currently, `wheel` group is hardcoded in the `.rules` file which is there
to prevent redundant password prompt when starting gvfsd-admin. The Debian
based systems obviously uses `sudo` group instead of `wheel`. Let's make
the privileged group configurable.
https://gitlab.gnome.org/GNOME/gvfs/-/issues/565
Diffstat (limited to 'daemon')
-rw-r--r-- | daemon/meson.build | 11 | ||||
-rw-r--r-- | daemon/org.gtk.vfs.file-operations.rules.in (renamed from daemon/org.gtk.vfs.file-operations.rules) | 4 |
2 files changed, 11 insertions, 4 deletions
diff --git a/daemon/meson.build b/daemon/meson.build index dffeef3e..c89ef407 100644 --- a/daemon/meson.build +++ b/daemon/meson.build @@ -374,8 +374,15 @@ if enable_admin install_dir: gvfs_datadir / 'polkit-1/actions', ) - install_data( - gvfs_namespace + '.file-operations.rules', + rules = gvfs_namespace + '.file-operations.rules' + + rules_conf = configuration_data() + rules_conf.set('PRIVILEGED_GROUP', privileged_group) + + configure_file( + input: rules + '.in', + output: rules, + configuration: rules_conf, install_dir: gvfs_datadir / 'polkit-1/rules.d', ) endif diff --git a/daemon/org.gtk.vfs.file-operations.rules b/daemon/org.gtk.vfs.file-operations.rules.in index fb137327..a3a2f643 100644 --- a/daemon/org.gtk.vfs.file-operations.rules +++ b/daemon/org.gtk.vfs.file-operations.rules.in @@ -1,4 +1,4 @@ -// Allows users belonging to wheel group to start gvfsd-admin without +// Allows users belonging to privileged group to start gvfsd-admin without // authorization. This prevents redundant password prompt when starting // gvfsd-admin. The gvfsd-admin causes another password prompt to be shown // for each client process using the different action id and for the subject @@ -7,7 +7,7 @@ polkit.addRule(function(action, subject) { if ((action.id == "org.gtk.vfs.file-operations-helper") && subject.local && subject.active && - subject.isInGroup ("wheel")) { + subject.isInGroup ("@PRIVILEGED_GROUP@")) { return polkit.Result.YES; } }); |