Code:
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
Code:
# systemctl status polkit
● polkit.service - Authorization Manager
   Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled)
   Active: active (running) since 2019-08-29 23:44:47 CST; 3 days ago
     Docs: man:polkit(8)
 Main PID: 726 (polkitd)
   CGroup: /system.slice/polkit.service
           └─726 /usr/lib/polkit-1/polkitd --no-debug
systemd[1]: Starting Authorization Manager...
polkitd[726]: Started polkitd version 0.112
polkitd[726]: Loading rules from directory /etc/polkit-1/rules.d
polkitd[726]: Loading rules from directory /usr/share/polkit-1/rules.d
polkitd[726]: Finished loading, compiling and executing 2 rules
polkitd[726]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
systemd[1]: Started Authorization Manager.
Code:
# ps -elf | grep polkitd
4 S polkitd 726 1 0 80 0 - 135131 poll_s 8 29 ? 00:00:01 /usr/lib/polkit-1/polkitd --no-debug
Code:
polkit.addRule(function(action, subject) {
    if (subject.isInGroup("test")) {
        return polkit.Result.YES;
    }
})
Code:
[test@localhost ~]$ id
uid=1001(test) gid=1001(test) groups=1001(test) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[test@localhost ~]$ pkexec id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Finally, why not set the permissions to 500? The user polkitd would only have read and search permissions.
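
A defensive check for the two things shown in this post, added here as an example (not code from the post or from polkit): whether the owner of the rules directory can write to it, and whether any rule returns `polkit.Result.YES` without looking at `action.id`. It assumes GNU `stat`; the file name `test.rules` and the scratch directory are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the post. Assumes GNU stat (-c). On a real host the
# directory to pass in is the one from the post: /etc/polkit-1/rules.d.

# WRITABLE if the directory owner has the write bit (0700), else READONLY (0500).
owner_write_state() {
    case $(stat -c '%A' "$1") in
        ??w*) echo WRITABLE ;;
        *)    echo READONLY ;;
    esac
}

# Heuristic: names of rule files that return polkit.Result.YES but never
# look at action.id, i.e. they grant every action to whoever matches.
blanket_yes_rules() {
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        if grep -q 'polkit\.Result\.YES' "$f" && ! grep -q 'action\.id' "$f"; then
            basename "$f"
        fi
    done
}

# Print findings for one directory; exit status 1 if there are any.
audit_rules_dir() {
    rc=0
    echo "$1: mode $(stat -c '%a' "$1"), owner $(stat -c '%U' "$1")"
    if [ "$(owner_write_state "$1")" = WRITABLE ]; then
        echo "  owner can add or replace rule files"
        rc=1
    fi
    names=$(blanket_yes_rules "$1")
    if [ -n "$names" ]; then
        printf '%s\n' "$names" | sed 's/^/  grants YES without checking action.id: /'
        rc=1
    fi
    return "$rc"
}

# Constructed demo: the rule from the post, saved under a hypothetical file
# name in a scratch directory with the packaged mode 0700.
demo=$(mktemp -d)
cat > "$demo/test.rules" <<'EOF'
polkit.addRule(function(action, subject) {
    if (subject.isInGroup("test")) { return polkit.Result.YES; }
});
EOF
chmod 700 "$demo"
audit_rules_dir "$demo" || true
rm -rf "$demo"
```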