-
Notifications
You must be signed in to change notification settings - Fork 11
Polkit Support
Federico edited this page Dec 12, 2018
·
2 revisions
Clightd uses polkit to ensure that only active sessions can call its methods.
This is great security-wise; but it can be quite painful in certain situations, eg: if you lock your pc with a screen locker, your session will become inactive thus losing the ability to call Clightd.
Some users may desire to have their screen locked and still letting clight do its magic.
Best way to achieve it is through some polkit authorization rules
Here are a couple of examples:
- Allow any user to call clightd (even inactive ones)
cat /etc/polkit-1/rules.d/80-clightd.rules
/* Allow any user to call clightd without authentication */
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.clightd.clightd.") == 0) {
return polkit.Result.YES;
}
});
- For better security, you may wish to let only users inside a certain group to call clightd methods.
Just create a "clightd" group and add your user to it:
sudo groupadd clightd
sudo usermod -a -G clightd $USER
Finally, use a rule like:
cat /etc/polkit-1/rules.d/80-clightd.rules
/* Allow any user belonging to "clightd" group to call clightd without authentication */
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.clightd.clightd.") == 0) {
if (subject.isInGroup("clightd")) {
return polkit.Result.YES;
} else {
return polkit.Result.NO;
}
}
});