From 8eeed6ba6ed0b1efa2b2b05c0b108da816763069 Mon Sep 17 00:00:00 2001 From: Eric Koegel <eric.koegel@gmail.com> Date: Sat, 1 Nov 2014 22:13:18 +0300 Subject: [PATCH] Add pkexec policy (Bug #11122) This adds a pkexec policy file to Thunar. This way if the user of a desktop system wants to use thunar to modify files as root and has the proper credentials they can. pkexec comes from polkit which does about the same thing as sudo/gksu except also supports authentication methods like fingerprint or smart card readers. Signed-off-by: Simon Steinbeiss <simon.steinbeiss@elfenbeinturm.at> --- Makefile.am | 16 ++++++++++++++-- org.xfce.thunar.policy.in.in | 37 ++++++++++++++++++++++++++++++++++++ po/POTFILES.in | 1 + 3 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 org.xfce.thunar.policy.in.in diff --git a/Makefile.am b/Makefile.am index 0cb69b4c5..13b991e3e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -82,6 +82,15 @@ service_DATA = $(service_in_files:.service.in=.service) $(AM_V_GEN) $(SED) -e "s,\@bindir\@,$(bindir),g" < $< > $@ endif +polkit_policydir = $(datadir)/polkit-1/actions +polkit_in_in_files = \ + org.xfce.thunar.policy.in.in +polkit_in_files = $(polkit_in_in_files:.policy.in.in=.policy.in) +%.policy.in: %.policy.in.in + sed -e "s,\@bindir\@,$(bindir),g" < $< > $@ +polkit_policy_DATA = $(polkit_in_files:.policy.in=.policy) +@INTLTOOL_POLICY_RULE@ + EXTRA_DIST = \ FAQ \ HACKING \ @@ -91,7 +100,8 @@ EXTRA_DIST = \ intltool-update.in \ $(desktop_in_in_files) \ $(service_in_files) \ - $(appdata_in_files) + $(appdata_in_files) \ + $(polkit_in_in_files) CLEANFILES = $(appdata_DATA) @@ -102,7 +112,9 @@ DISTCLEANFILES = \ intltool-update \ $(desktop_in_files) \ $(desktop_DATA) \ - $(service_DATA) + $(service_DATA) \ + $(polkit_in_files) \ + $(polkit_policy_DATA) DISTCHECK_CONFIGURE_FLAGS = \ --enable-gtk-doc \ diff --git a/org.xfce.thunar.policy.in.in b/org.xfce.thunar.policy.in.in new file mode 100644 index 000000000..d64113e91 --- /dev/null +++ b/org.xfce.thunar.policy.in.in @@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <!-- + Policy definitions for Thunar. + Copyright (c) 2014 Benedikt Meurer <benny@xfce.org> + Jannis Pohlmann <jannis@xfce.org> + Jeffs Franks <jcfranks@xfce.org> + Nick Schermer <nick@xfce.org> + --> + + <vendor>Thunar</vendor> + <vendor_url>http://xfce.org/</vendor_url> + <icon_name>system-file-manager</icon_name> + + + <action id="org.xfce.thunar"> + <!-- SECURITY: + - A normal active user can run thunar without elevated rights. They + may wish to modify files they normally do not have read/write access + to. This isn't a good idea, but is common on single user systems. + --> + <_description>Run Thunar as root</_description> + <_message>Authentication is required to run Thunar as root.</_message> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>auth_admin</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">@bindir@/thunar</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> + +</policyconfig> diff --git a/po/POTFILES.in b/po/POTFILES.in index c47182ae9..1c487a9e4 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -130,3 +130,4 @@ Thunar-bulk-rename.desktop.in.in Thunar-folder-handler.desktop.in.in thunar/thunar-settings.desktop.in thunar.appdata.xml.in +org.xfce.thunar.policy.in.in -- GitLab