Put your rules in /etc/polkit-1/rules.d/*.rules.
See the polkit(8) manpage for rule syntax. (It's JavaScript.)
If you don't know the action name, run pkaction.
To test your rules, use pkcheck.
pkcheck -u -p $$ -a org.freedesktop.packagekit.upgrade-system
| /* Copy this to /etc/polkit-1/rules.d/packagekit-restrict.rules | |
| */ | |
| polkit.addRule(function(action, subject) { | |
| if (/^org\.freedesktop\.packagekit\./.test(action.id)) { | |
| if (subject.local && subject.active && subject.isInGroup("wheel")) { | |
| return polkit.Result.YES; | |
| } else { | |
| return polkit.Result.AUTH_ADMIN_KEEP; | |
| } | |
| } | |
| }); |
| /* Copy this to /etc/polkit-1/rules.d/allow-mount-internal.rules | |
| */ | |
| polkit.addRule(function(action, subject) { | |
| if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" || | |
| action.id == "org.freedesktop.udisks.filesystem-mount-system-internal") && | |
| subject.local && subject.active && subject.isInGroup("users")) { | |
| return polkit.Result.YES; | |
| } | |
| }); |
| polkit.addRule(function(action, subject) { | |
| if (/^org\.freedesktop\.udisks\./.test(action.id) && subject.isInGroup("wheel")) | |
| { | |
| return polkit.Result.YES; | |
| } | |
| }); |
