PolicyKit rules never come into effect

Question

I'm trying to write a new .rules file for PolicyKit. My test attempt (in the directory /etc/polkit-1/rules.d/) looks like this:

polkit.addRule(function(action, subject) {
    polkit.spawn(["rm","/home/gabriel/test"]);
    if (action.id == "org.freedesktop.policykit.exec") {
        polkit.log("action=" + action);
        polkit.log("subject=" + subject);
    }
    return polkit.Result.NOT_HANDLED;
});

But as far as I can tell, this code is never run. The test file is still there, and there's no log output after running something like $ pkexec -u otheruser bash

(I have tried marking the .rules files as executable.)

score 26 · Answer 1 · edited Aug 22 '22 at 08:59

26

If you are on Ubuntu 22.04 (or lower) then you are still using the old version of PolKit, where there are no .rules files but only .pkla and .conf files.

On the command prompt, do:

pkaction --version

If it says < 0.106, then you can only use the old syntax.

You can create a .pkla file in /etc/polkit-1/localauthority/, see man pklocalauthority for directions and examples.

edited Aug 22 '22 at 08:59

Peter Evselyev

91

answered Nov 30 '15 at 01:54

Bart

271

1

Ubuntu 15.10 is still on the old version. pkaction --version gives pkaction version 0.105 – Roger Binns Mar 24 '16 at 17:38
6

Ubuntu 18.04 still carries 0.105!!!! Oh, my!!!! – Osqui Dec 13 '17 at 23:41
1

And even no 0.106+ version is in repos for Ubuntu! OMG! – Suncatcher May 06 '18 at 08:07
2

ubuntu 19.04 pkaction version 0.105. New rules files are written in JavaScript unsupported. – Denis Denisov Nov 18 '18 at 22:08
3

Ubuntu 20.04 still uses 0.105 – Fernando Silveira Aug 24 '20 at 15:27
1

Ubuntu 20.10 still uses 0.105!!!! I can't believe ubuntu is using an 8-year-old version of polkit. – Thayne Nov 06 '20 at 17:31
What if I have a .rules file like in the question? I simply change its extension and move it to /etc/polkit-1/localauthority/? – Adrian Feb 13 '22 at 15:18
This has some of the reasoning behind refusing to upgrade it.. (Ubuntu is debian with a few extra things added) – Gert van den Berg Nov 07 '22 at 09:16
A newer version was merged into Debian unstable (sid) in October 2022 (which forms the basis for Ubuntu, so a newer version might be available in 23.04 and the next LTS (likely 24.04) 121+compat0.1-5 was the first newer version to get out of experimental – Gert van den Berg Nov 07 '22 at 09:25

score 0 · Answer 2 · answered Mar 05 '23 at 04:48

The following worked for me (ubuntu 22.04 with pkaction version 0.105):

Edit the following file:

/var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla

And make the first section look like:

[Mounting, checking, etc. of internal drives]
Identity=unix-group:admin;unix-group:sudo
Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.filesystem-mount-other-seat;
ResultAny=yes
ResultInactive=yes
ResultActive=yes

Reboot is not required. Works just after you edit the file.

Note I added "org.freedesktop.udisks2.filesystem-mount-other-seat" here. In my case, when I was trying to mount a disk from commandline, I was receiving the following message:

$ udisksctl mount -b /dev/sdb1
==== AUTHENTICATING FOR org.freedesktop.udisks2.filesystem-mount-other-seat ===
Authentication is required to mount WD Elements 25A3 (/dev/sdb1)
Authenticating as: User,,, (user)

score 0 · Answer 3 · edited Apr 13 '17 at 12:24

0

To work as expected, you have to put your own .rules files in:

/usr/share/polkit-1/rules.d

Note that it should also solve this question.

edited Apr 13 '17 at 12:24

Community

1

answered Oct 13 '14 at 16:11

Sylvain Pineau

62,169

Moving the file there didn't seem to change anything. Also, according to the polkit docs and the Arch wiki, /etc/polkit-1/rules.d should be used for user configuration. So I'm not sure what difference changing directories makes. – Keidax Oct 13 '14 at 16:47
@Keidax: what's the name of your .rules file? – Sylvain Pineau Oct 13 '14 at 16:49
2

Currently /usr/share/polkit-1/rules.d/10-udisks-personal.rules – Keidax Oct 13 '14 at 16:51

PolicyKit rules never come into effect

3 Answers3

Linked