[blfs-support] Polkit Actions

Armin K. krejzi at email.com
Wed Dec 11 10:20:26 PST 2013

On 12/11/2013 06:45 PM, Dan McGhee wrote:
> Now that I've learned (?) how to deal with polkit--as documented in 
> another thread--I'd like to get a few more things under my belt.  In 
> particular, I'd like to call gparted from the menus in my desktop 
> system.  The way it works in Ubuntu is that a message pops up and asks 
> for my password before GParted runs.  Right now I get only the message 
> that I need to be root to run it.  I found this at the Arch wiki:

Ubuntu used gksu/gksudo which called respective utilities for
authentication as superuser. PolicyKit is somehow different mechanism.

>> <?xml version="1.0" encoding="UTF-8"?>
>> <!DOCTYPE policyconfig PUBLIC
>>   "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
>>   "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
>> <policyconfig>
>>    <action id="org.archlinux.pkexec.gparted">
>>      <message>Authentication is required to run the GParted Partition Editor</message>
>>      <icon_name>gparted</icon_name>
>>      <defaults>
>>        <allow_any>auth_admin</allow_any>
>>        <allow_inactive>auth_admin</allow_inactive>
>>        <allow_active>auth_admin</allow_active>
>>      </defaults>
>>      <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gparted</annotate>
>>      <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
>>    </action>
>> </policyconfig>
> This is a polkit action file to be put in /usr/share/polkit-1/actions 
> directory.  As written, it would go in that directory with the name
> "org.archlinux.pkexec.gparted"
> What I haven't been able to find is the answer to the following 
> question.  Does it matter that part of the name would be "org.archlinux" 
> or is this just a name and doesn't refer to anything else on my system.  
> There are only two "org's" in the actions I have now: freedesktop and 
> xorg.  Both of those have things installed on my system.  If it's just a 
> name, then I don't have to consider anything else.

This matters little. You could use any valid domain name or no at all.
See https://bbs.archlinux.org/viewtopic.php?pid=999328#p999328, for
nearly the same rule they used org.freedesktop...

> In addition to GParted, I would like to employ this method for the 
> Catalyst Control Center for my ATI-Radeon chip.
> Thanks,
> Dan

You have to edit both .desktop files and add "pkexec /path/to/program"
to the Exec= line. Do note that using pkexec requires an authentication
agent to be running, such as polkit-gnome or lxpolkit.

The file you mentioned is necessarry because pkexec won't allow running
gui programs by default.

Note: My last name is not Krejzi.

More information about the blfs-support mailing list