PKLA-ADMIN-IDENTIT(8)        pkla-admin-identities       PKLA-ADMIN-IDENTIT(8)

NAME

       pkla-admin-identities - List pklocalauthority-configured polkit
       administrators

SYNOPSIS

       pkla-admin-identities [--help]

       pkla-admin-identities [--config-path config-path]

DESCRIPTION

       pkla-admin-identities interprets the configuration files described
       below, which use a non-JavaScript file format, to determine which
       users polkit(8) considers administrators.

       Note: Determining which users are considered administrators is driven
       by JavaScript rules as described in polkit(8).  pkla-admin-identities
       is called by a JavaScript rule file named 49-polkit-pkla-compat.rules;
       other JavaScript rules with a higher priority may exist, so the
       pkla-admin-identities configuration may not necessarily govern the
       final decision by polkit(8).

       The ordering of the JavaScript rule files and the ordering of
       pkla-admin-identities configuration files is not integrated and uses
       different rules; the pkla-admin-identities configuration evaluation
       happens at a single point within the JavaScript rule evaluation order.

       pkla-admin-identities is an internal helper program of
       pkla-polkit-compat. You shouldn't need to run it directly, except for
       debugging purposes.

       Configuration is read from files with a .conf extension in the
       /etc/polkit-1/localauthority.conf.d directory. All files are read in
       lexicographical order (using the C locale), meaning that later files
       can override earlier ones. The file 50-localauthority.conf contains the
       settings provided by the OS vendor. Users and 3rd party packages can
       drop configuration files with a priority higher than 60 to change the
       defaults. The configuration file format is simple. Each configuration
       file is a key file (also commonly known as an ini file) with a single
       group called [Configuration]. Only a single key, AdminIdentities, is
       read. The value of this key is a semi-colon separated list of
       identities that can be used when administrator authentication is
       required. Users are specified by prefixing the user name with
       unix-user:, groups of users are specified by prefixing with
       unix-group:, and netgroups of users are specified with unix-netgroup:.
       See the section called “EXAMPLE” for an example of a configuration
       file.

       pkla-admin-identities outputs the resulting configuration of
       administrator identities, one identity per line, using the same format
       (including e.g. the unix-user: prefix). If no administrator identities
       are configured in the above-described configuration files, the output
       will be empty.

OPTIONS

       -h, --help
           Write a summary of the available options to standard output and
           exit successfully.

       -c, --config-path=config-path
           Search for configuration files in config-path instead of the
           default /etc/polkit-1/localauthority.conf.d.

EXIT STATUS

       pkla-admin-identities exits with 0 on success (even if there are no
       administrator identities), and a non-zero status on error.

FILES

       /etc/polkit-1/localauthority.conf.d
           Default directory containing configuration files.

EXAMPLE

       The following .conf file

           [Configuration]
           AdminIdentities=unix-group:staff

       specifies that any user in the staff UNIX group can be used for
       authentication when administrator authentication is needed. This file
       would typically be installed in the /etc/polkit-1/localauthority.conf.d
       directory and given the name 60-desktop-policy.conf to ensure that it
       is evaluated after the 50-localauthority.conf file shipped with
       pkla-polkit-compat. If the local administrator wants to override this
       (suppose 60-desktop-policy.conf was shipped as part of the OS) he can
       simply create a file 99-my-admin-configuration.conf with the following
       content

           [Configuration]
           AdminIdentities=unix-user:lisa;unix-user:marge

       to specify that only the users lisa and marge can authenticate when
       administrator authentication is needed.
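
       The file ordering and override behaviour described in DESCRIPTION and
       illustrated above, as an added example (not part of the original manual
       page or of polkit-pkla-compat): a Python audit helper that reports which
       .conf file supplies the effective AdminIdentities. It assumes that a
       later file setting the key replaces the whole list, approximates key
       file parsing with configparser, and uses constructed sample files; the
       function names are hypothetical.

```python
import configparser
import os
import tempfile

KNOWN_PREFIXES = ("unix-user:", "unix-group:", "unix-netgroup:")

def effective_admin_identities(config_path):
    """Return (identities, source_file) for a localauthority.conf.d directory."""
    names = [n for n in os.listdir(config_path) if n.endswith(".conf")]
    identities, source = [], None
    # C-locale lexicographical order is plain byte order, so sort encoded names.
    for name in sorted(names, key=os.fsencode):
        parser = configparser.ConfigParser(
            delimiters=("=",), comment_prefixes=("#",),
            interpolation=None, strict=False)
        parser.optionxform = str  # keep key names case-sensitive
        parser.read(os.path.join(config_path, name), encoding="utf-8")
        if parser.has_option("Configuration", "AdminIdentities"):
            raw = parser.get("Configuration", "AdminIdentities")
            # Assumption: a later file that sets the key replaces the list.
            identities = [i.strip() for i in raw.split(";") if i.strip()]
            source = name
    return identities, source

def unknown_identities(identities):
    """Identities that use none of the three documented prefixes."""
    return [i for i in identities if not i.startswith(KNOWN_PREFIXES)]

def demo():
    """Constructed sample files mirroring the EXAMPLE section."""
    files = {
        "50-localauthority.conf": "[Configuration]\nAdminIdentities=unix-user:0\n",
        "60-desktop-policy.conf": "[Configuration]\nAdminIdentities=unix-group:staff\n",
        "99-my-admin-configuration.conf":
            "[Configuration]\nAdminIdentities=unix-user:lisa;unix-user:marge\n",
        "README.txt": "[Configuration]\nAdminIdentities=unix-group:ignored\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return effective_admin_identities(d)

if __name__ == "__main__":
    ids, src = demo()
    print(f"{src}: {ids}; unknown: {unknown_identities(ids)}")
```

       Because JavaScript rules with a higher priority may exist, the result
       describes only the pkla configuration, not necessarily the final
       decision by polkit(8).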

AUTHOR

       Written by David Zeuthen <davidz@redhat.com> with a lot of help from
       many others. Adapted by Miloslav Trmač <mitr@redhat.com>.

SEE ALSO

       polkit(8)

polkit-pkla-compat                 May 2013              PKLA-ADMIN-IDENTIT(8)