我需要允许一些用户在他们的系统上安装软件包,并且整个系统由puppet管理。
我有这个文件:
#modules/polkit/manifests/init.pp
define polkit(
# filename without a path
# $name,
$filename="/var/lib/polkit-1/localauthority/50-local.d/$name.pkla",
$users,
$groups,
# e.g. org.debian.apt.install-or-remove-packages -- use pkaction for a list.
$action,
# result
$result_active='',
$result_inactive='',
$result_any='',
$return_value=''
) {
file { "$filename":
ensure => present,
content => template('polkit/pkla.erb'),
owner => 'root',
group => 'root',
mode => '0644'
}
}
在另一个文件中:
#modules/polkit/manifests/install_packages.pp
class polkit::install_packages($users=[], $groups=['admin','sudo']) {
polkit { 'lsv-install-packages':
action => 'org.debian.apt.install-or-remove-packages',
users => $users,
groups => $groups,
result_active => 'auth_self_keep'
}
}
这就是我所拥有的manifests/desktops.pp:
node
'computerxxx'
inherits desktop {
include packages::desktop_default
class { 'polkit::install_packages':
users => [ 'gooduser' ]
}
}
因此,我在客户端机器上有这个:
/vsr/lib/polkit/localauthority/50-local.d/lsv-install-packages.pkla
[lsv-install-packages]
Identity=unix-user:gooduser;unix-group:admin;unix-group:sudo
Action=org.debian.apt.install-or-remove-packages
ResultActive=auth_self_keep
但它似乎没有制定适当的规则。如果该用户尝试安装软件包,他们将收到此消息:
$ apt-get install emacs
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
我怎样才能解决这个问题?
(我相信 PolicyKit 应该是这个问题的标签之一,有人可以将该标签添加到帖子中吗?)