mirror of
https://github.com/systemd/systemd.git
synced 2026-01-26 04:33:06 +03:00
3150c34270
A --empower session is effectively root without being UID 0, so it doesn't make sense to enforce polkit authentication in those. Let's add the empower group, add --empower sessions to that group and ship a polkit rule to skip authentication for all users in the empower group. (As a side-effect this will also allow users to add themselves to this group outside of 'run0 --empower' to mimick NOPASSWD from sudo)
44 lines
1.6 KiB
Plaintext
44 lines
1.6 KiB
Plaintext
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
# The superuser
|
|
g root 0 - -
|
|
u root 0:0 "Super User" /root
|
|
|
|
# The nobody user/group for NFS file systems
|
|
g {{NOBODY_GROUP_NAME}} 65534 - -
|
|
u! {{NOBODY_USER_NAME}} 65534:65534 "Kernel Overflow User" -
|
|
|
|
# Administrator group: can *see* more than normal users
|
|
g adm {{ADM_GID }} - -
|
|
|
|
# Administrator groups: can *do* more than normal users
|
|
g wheel {{WHEEL_GID }} - -
|
|
g empower {{EMPOWER_GID}} - -
|
|
|
|
# Access to shared database of users on the system
|
|
g utmp {{UTMP_GID }} - -
|
|
|
|
# Physical and virtual hardware access groups
|
|
g audio {{AUDIO_GID }} - -
|
|
g cdrom {{CDROM_GID }} - -
|
|
g clock {{CLOCK_GID }} - -
|
|
g dialout {{DIALOUT_GID}} - -
|
|
g disk {{DISK_GID }} - -
|
|
g input {{INPUT_GID }} - -
|
|
g kmem {{KMEM_GID }} - -
|
|
g kvm {{KVM_GID }} - -
|
|
g lp {{LP_GID }} - -
|
|
g render {{RENDER_GID }} - -
|
|
g sgx {{SGX_GID }} - -
|
|
g tape {{TAPE_GID }} - -
|
|
g tty {{TTY_GID }} - -
|
|
g video {{VIDEO_GID }} - -
|
|
|
|
# Default group for normal users
|
|
g users {{USERS_GID }} - -
|