延迟认证

tag-icon tag-icon debian polkit
延迟认证

我使用一个简单的窗口管理器(Blackbox)运行 Debian Wheezy。如果我没记错的话,在 Ubuntu 中,一些应用程序(例如 Synaptic 和 Update Manager)仅在需要时/如果需要时才要求输入 sudo 密码。如何配置系统,以便我可以以普通用户身份启动 Update Manager,并且仅在系统更新时提供 sudo 密码?

~/.xinitrc窗口管理器从以下位置启动

exec ck-launch-session dbus-launch blackbox

我尝试添加包含以下内容的文件/var/lib/polkit-1/localauthority/50-local.d/test.pkla(并重新启动 X),但没有什么区别;update-manager启动时仍然要求输入 root 密码。

$ sudo cat /var/lib/polkit-1/localauthority/50-local.d/test.pkla
[test]
Identity=unix-group:sudo
Action=org.debian.apt.update-cache
ResultActive=yes

根据格雷姆的要求,目录的内容/usr/share/polkit-1/actions/

com.hp.hplip.policy
com.ubuntu.pkexec.synaptic.policy
com.ubuntu.softwareproperties.policy
org.debian.apt.policy
org.freedesktop.color.policy
org.freedesktop.consolekit.policy
org.freedesktop.policykit.policy
org.freedesktop.udisks.policy
org.opensuse.cupspkhelper.mechanism.policy

目录内容如下/etc/polkit-1/localauthority.conf.d

$ ls /etc/polkit-1/localauthority.conf.d/
50-localauthority.conf  51-debian-sudo.conf

$ cat /etc/polkit-1/localauthority.conf.d/50-localauthority.conf 
# Configuration file for the PolicyKit Local Authority.
#
# DO NOT EDIT THIS FILE, it will be overwritten on update.
#
# See the pklocalauthority(8) man page for more information
# about configuring the Local Authority.
#

[Configuration]
AdminIdentities=unix-user:0

$ cat /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf 
[Configuration]
AdminIdentities=unix-group:sudo

这是文件的内容sudoers

$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

答案1

您可能没有被列为 PolKit 管理员用户。例如,在 Ubuntu 上,您会发现:

$ cat /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf
[Configuration]
AdminIdentities=unix-group:sudo;unix-group:admin

安装时创建的用户是 的成员sudo,因此他们自动成为管理员。

要将您自己添加为管理员,请在(例如)中创建一个.conf文件,其中包含(是您的用户名):/etc/polkit-1/localauthority.conf.d/99-local-admin.confaugust

[Configuration]
AdminIdentities=unix-user:august

相关内容