[blfs-support] Polkit Actions

Dan McGhee beesnees at grm.net
Wed Dec 11 14:53:06 PST 2013

On 12/11/2013 03:56 PM, Armin K. wrote:
> On 12/11/2013 10:06 PM, Dan McGhee wrote:
>> On 12/11/2013 12:20 PM, Armin K. wrote:
>>> On 12/11/2013 06:45 PM, Dan McGhee wrote:
>>>> In addition to GParted, I would like to employ this method for the
>>>> Catalyst Control Center for my ATI-Radeon chip.
>>> You have to edit both .desktop files and add "pkexec /path/to/program"
>>> to the Exec= line. Do note that using pkexec requires an authentication
>>> agent to be running, such as polkit-gnome or lxpolkit.
>>> The file you mentioned is necessarry because pkexec won't allow running
>>> gui programs by default.
>> When I first read this, I didn't do anything because I have polkit-gnome
>> installed. When I made the changes for pkexec in the gparted.desktop
>> file and tried to run it, nothing happened. I didn't even get the
>> message that I needed to be root. I guess that's progress.
> You don't need to be root. As I said, pkexec *won't* allow you to run
> gui programs when using "pkexec guiprogram" unless you *create* a policy
> file in /usr/share/polkit-1/actions (which is the file you posted and I
> linked to in the arch forums).
I was unclear in my statement. I created the policy file containing the 
action. I edited the gparted.desktop file to include pkexec. When I 
selected "GParted" in my Applications Menu, nothing happened. I did not 
even get a message.

For clarity's sake, I'll include the files. I kept from doing this to 
keep the posts shorter. But maybe there is something in them that 
prevents what I'm trying to do.

Here is 

> exec.run-gparted.policy
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE policyconfig PUBLIC
> "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
> "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
> <policyconfig>
> <action id="org.freedesktop.policykit.pkexec.run-gparted">
> <description>Run GParted</description>
> <message>Authentication is required to run GParted</message>
> <defaults>
> <allow_any>no</allow_any>
> <allow_inactive>no</allow_inactive>
> <allow_active>auth_admin_keep</allow_active>
> </defaults>
> <annotate 
> key="org.freedesktop.policykit.exec.path">/usr/sbin/gparted</annotate>
> <annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
> </action>
> </policyconfig>

Here is /usr/share/applications/gparted.desktop:

> Name=GParted
> GenericName=Partition Editor
> Comment=Create, reorganize, and delete partitions
> Exec=pkexec /usr/sbin/gparted %f
> Icon=gparted
> Terminal=false
> Type=Application
> Categories=GNOME;System;Filesystem;
> StartupNotify=true

And finally, the 

> [Desktop Entry]
> Name=PolicyKit Authentication Agent
> Comment=PolicyKit Authentication Agent
> Exec=/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
> Terminal=false
> Type=Application
> Categories=
> NoDisplay=true
> OnlyShowIn=GNOME;XFCE;Unity;
> AutostartCondition=GNOME3 unless-session gnome

 From everything I've read, I don't think I need a rule in 
/etc/polkit-1/rules.d. There is no rule there.
Like I said, when I try to run Gparted from the desktop, absolutely 
nothing happens. It's got to be something quite simple now, but I can't 
see it.

Also, Armin, thanks for explaining the autostart file options for me, 
and also for you other help so far.


More information about the blfs-support mailing list