Joh*_*ash 5 permissions policykit
Is it possible to do the following with a single polkit .pkla file?
/etc/polkit-1/localauthority/50-local.d/99-wheel-only.pkla
[Disable all users except the wheel group]
Identity=unix-group:wheel
Action=*
ResultAny=???
ResultInactive=???
ResultActive=???
The following file works, but you need to list all the users in /etc/group:
[Disable all users except the wheel group: root and myuser]
Identity=unix-user:daemon;unix-user:bin;unix-user:sys;unix-user:adm;unix-user:tty;unix-user:disk;unix-user:lp;unix-user:mail;unix-user:news;unix-user:uucp;unix-user:man;unix-user:proxy;unix-user:kmem;unix-user:dialout;unix-user:fax;unix-user:voice;unix-user:cdrom;unix-user:floppy;unix-user:tape;unix-user:sudo;unix-user:audio;unix-user:dip;unix-user:www-data;unix-user:backup;unix-user:operator;unix-user:list;unix-user:irc;unix-user:src;unix-user:gnats;unix-user:shadow;unix-user:utmp;unix-user:video;unix-user:sasl;unix-user:plugdev;unix-user:staff;unix-user:games;unix-user:users;unix-user:nogroup;unix-user:libuuid;unix-user:crontab;unix-user:messagebus;unix-user:Debian-exim;unix-user:mlocate;unix-user:avahi;unix-user:netdev;unix-user:bluetooth;unix-user:lpadmin;unix-user:ssl-cert;unix-user:fuse;unix-user:utempter;unix-user:Debian-gdm;unix-user:scanner;unix-user:saned;unix-user:i2c;unix-user:haldaemon;unix-user:powerdev
Action=*
ResultAny=no
ResultInactive=no
ResultActive=no
I would try the following .pkla:
[First disable all users]
Identity=unix-user:*
Action=*
ResultActive=no
ResultInactive=no
ResultAny=no
[Then enable wheel group]
Identity=unix-group:wheel
Action=*
ResultActive=auth_admin
ResultInactive=no
ResultAny=no
combined with a modification of AdminIdentities, configured in /etc/polkit-1/localauthority.conf.d/.
I have the following two files:
[Configuration]
AdminIdentities=unix-user:0
and
[Configuration]
AdminIdentities=unix-group:sudo;unix-group:admin
The second overrides the first and forces the use of the sudo (and the old admin) group. After removing the second file, you will be asked for the root password.
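To audit which AdminIdentities setting is actually in effect, the override described in the answer can be reproduced offline. This is an added example, not code from the answer: the two file names are assumptions, the file contents are the ones quoted above, and restricting the scan to `*.conf` files is also an assumption.

```python
import configparser
import os
import tempfile


def effective_admin_identities(conf_dir):
    """Return (identities, winning_file) after applying files in C-locale order."""
    identities, winner = [], None
    # Assumption: only files ending in .conf are considered.
    names = [n for n in os.listdir(conf_dir) if n.endswith(".conf")]
    for name in sorted(names, key=os.fsencode):  # byte order == C locale order
        cp = configparser.ConfigParser(interpolation=None)
        cp.optionxform = str  # keep key case, e.g. AdminIdentities
        cp.read(os.path.join(conf_dir, name))
        value = cp.get("Configuration", "AdminIdentities", fallback=None)
        if value is None:
            continue  # this file does not set the key, the earlier value stays
        identities = [i.strip() for i in value.split(";") if i.strip()]
        winner = name  # a later file replaces the whole list
    return identities, winner


def demo():
    # Constructed sample files: names are hypothetical, contents are from the answer.
    samples = {
        "50-localauthority.conf":
            "[Configuration]\nAdminIdentities=unix-user:0\n",
        "51-admin-groups.conf":
            "[Configuration]\nAdminIdentities=unix-group:sudo;unix-group:admin\n",
    }
    with tempfile.TemporaryDirectory() as conf_dir:
        for name, body in samples.items():
            with open(os.path.join(conf_dir, name), "w") as fh:
                fh.write(body)
        both = effective_admin_identities(conf_dir)
        # Remove the second file, as the answer describes.
        os.remove(os.path.join(conf_dir, "51-admin-groups.conf"))
        only_first = effective_admin_identities(conf_dir)
    return both, only_first


if __name__ == "__main__":
    both, only_first = demo()
    print("both files present:", both)
    print("second file removed:", only_first)
```

Pointing `effective_admin_identities` at `/etc/polkit-1/localauthority.conf.d/` on a host shows which file decides who is prompted for `auth_admin` actions.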