Polkit: Difference between revisions
imported>Coreyoconnor update to newer unit options unitConfig and serviceConfig |
imported>Lumarius Added a note about lxqt-policykit |
(12 intermediate revisions by 6 users not shown) | |||
Line 6: | Line 6: | ||
Polkit is disabled by default. If you wish to enable it, you can set <code>security.polkit.enable</code> to true. | Polkit is disabled by default. If you wish to enable it, you can set <code>security.polkit.enable</code> to true. | ||
== Reboot/poweroff for unprivileged users == | |||
With the following rule, we can grant the permissions <code>reboot</code> and <code>poweroff</code> a machine to users in the <code> | |||
users</code> group. | |||
This is useful on a multi-user machine. It may also be of particular importance when using XRDP or other similar [[Remote Desktop]] solutions. | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
security.polkit.extraConfig = '' | |||
polkit.addRule(function(action, subject) { | |||
if ( | |||
subject.isInGroup("users") | |||
&& ( | |||
action.id == "org.freedesktop.login1.reboot" || | |||
action.id == "org.freedesktop.login1.reboot-multiple-sessions" || | |||
action.id == "org.freedesktop.login1.power-off" || | |||
action.id == "org.freedesktop.login1.power-off-multiple-sessions" | |||
) | |||
) | |||
{ | |||
return polkit.Result.YES; | |||
} | |||
}) | |||
''; | |||
</nowiki>}} | |||
== Authentication agents == | == Authentication agents == | ||
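Review bot: the new rule returns <code>polkit.Result.YES</code> for every member of <code>users</code> without checking <code>subject.local</code> or <code>subject.active</code>, and it also covers the two <code>-multiple-sessions</code> action ids. On the XRDP setup the text recommends it for, any remote member of that group can therefore reboot or power off the machine while other people are logged in. If that is intended, the section should say so; otherwise consider a dedicated group instead of <code>users</code>, or dropping the <code>-multiple-sessions</code> ids. Two smaller points: the intro sentence ("grant the permissions reboot and poweroff a machine") needs rewording, and the <code>users</code> code tag is split across a line break.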
Line 18: | Line 44: | ||
systemd = { | systemd = { | ||
user.services.polkit-gnome-authentication-agent-1 = { | user.services.polkit-gnome-authentication-agent-1 = { | ||
description = "polkit-gnome-authentication-agent-1"; | |||
wantedBy = [ "graphical-session.target" ]; | |||
wants = [ "graphical-session.target" ]; | |||
after = [ "graphical-session.target" ]; | |||
serviceConfig = { | serviceConfig = { | ||
Type = "simple"; | |||
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; | ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; | ||
Restart = "on-failure"; | Restart = "on-failure"; | ||
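Review bot: <code>wants = [ "graphical-session.target" ]</code> looks redundant next to <code>wantedBy</code> on the same target, since the unit is already pulled in by that target and ordered with <code>after</code>. Either drop <code>wants</code> or add a sentence on why both directions are needed. <code>Type = "simple"</code> restates the systemd default for a service with <code>ExecStart</code>, and <code>description</code> only repeats the unit name, so both could be omitted or made more descriptive.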
Line 34: | Line 58: | ||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Another option is <code>lxqt.lxqt-policykit</code>, which can be launched on login through the command <code>lxqt-policykit-agent</code> on e.g. Hyprland. | |||
== Start the authentication agent in dwm == | |||
If you use dwm patched with [https://dwm.suckless.org/patches/autostart/dwm-autostart-20210120-cb3f58a.diff dwm-autostart-20210120-cb3f58a.diff], you can add a command into <code>~/.dwm/autostart.sh</code> to start a polkit agent. Here take <code>mate.mate-polkit</code> for example: | |||
<syntaxhighlight lang=bash> | |||
#!/bin/sh | |||
# General stuff | |||
... | |||
/nix/store/$(ls -la /nix/store | grep 'mate-polkit' | grep '4096' | awk '{print $9}' | sed -n '$p')/libexec/polkit-mate-authentication-agent-1 & | |||
... | |||
</syntaxhighlight> | |||
Use this method, you won't need to change the codes even <code>mate.mate-polkit</code> gets an update. | |||
<syntaxhighlight lang=bash> | |||
#!/bin/sh | |||
... | |||
/nix/store/$(ls -la /nix/store | grep polkit-kde-agent | grep '^d' | awk '{print $9}')/libexec/polkit-kde-authentication-agent-1 & | |||
... | |||
</syntaxhighlight> | |||
The same but for <code>polkit-kde-agent</code> |
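Review bot: both autostart scripts build the executable path by parsing <code>ls -la /nix/store</code>, so they run whichever store directory happens to match the name rather than the package the system configuration actually references. Old or unrelated store paths containing <code>mate-polkit</code> or <code>polkit-kde-agent</code> will match too, and <code>grep '4096'</code> matches that string anywhere in the line, not only in the size column. The KDE variant has no <code>sed -n '$p'</code>, so more than one match yields a multi-line substitution and a broken path. Since this binary is the polkit authentication agent, it would be safer to reference the package through Nix, as the systemd example earlier on the page does with <code>${pkgs.polkit_gnome}/libexec/...</code>. The caption "The same but for polkit-kde-agent" should come before its code block, and "Use this method, you won't need to change the codes even ... gets an update" needs a grammar pass.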