On Fri, 20 Aug 2010 21:25:13 -0000, Thomas NOEL <email address hidden> wrote:
> Public bug reported:
>
> Binary package hint: policykit-1
>
> I want to disable the org.freedesktop.upower.hibernate action for all my
> users, except for a "hibersus" group.
>
> I try this pkla :
>
> [Disable hibernate/suspend for all users]
> Identity=unix-user:*
> Action=org.freedesktop.upower.suspend;org.freedesktop.upower.hibernate
> ResultActive=no
> ResultInactive=no
> ResultAny=no
>
> [Ensable hibernate/suspend for the group hibersus]
> Identity=unix-group:hibersus
> Action=org.freedesktop.upower.suspend;org.freedesktop.upower.hibernate
> ResultActive=yes
> ResultInactive=no
> ResultAny=no
>
> I found this file simple and logical... but it doesn't work : users in
> the hibersus group cannot hibernate (like any other users). Reading "man
> pklocalauthority" I think the cause is the algorithm: unix-user:* takes
> precedence.
>
> So, I know that this is not really a bugreport (wishlist, at least), but
> : how can I disable an action for everyone (user:*) except a group ? If
> I can't, I think there is a bug in polkit...
Did you try putting the policies at different precedences?
On Fri, 20 Aug 2010 21:25:13 -0000, Thomas NOEL <email address hidden> wrote: .upower. hibernate action for all my unix-user: * org.freedesktop .upower. suspend; org.freedesktop .upower. hibernate unix-group: hibersus org.freedesktop .upower. suspend; org.freedesktop .upower. hibernate
> Public bug reported:
>
> Binary package hint: policykit-1
>
> I want to disable the org.freedesktop
> users, except for a "hibersus" group.
>
> I try this pkla :
>
> [Disable hibernate/suspend for all users]
> Identity=
> Action=
> ResultActive=no
> ResultInactive=no
> ResultAny=no
>
> [Ensable hibernate/suspend for the group hibersus]
> Identity=
> Action=
> ResultActive=yes
> ResultInactive=no
> ResultAny=no
>
> I found this file simple and logical... but it doesn't work : users in
> the hibersus group cannot hibernate (like any other users). Reading "man
> pklocalauthority" I think the cause is the algorithm: unix-user:* takes
> precedence.
>
> So, I know that this is not really a bugreport (wishlist, at least), but
> : how can I disable an action for everyone (user:*) except a group ? If
> I can't, I think there is a bug in polkit...
Did you try putting the policies at different precedences?
01-disable-...
02-enable-...
Thanks,
James