[blfs-support] Polkit Actions

Armin K. krejzi at email.com
Wed Dec 11 15:01:33 PST 2013

On 12/11/2013 11:53 PM, Dan McGhee wrote:
> On 12/11/2013 03:56 PM, Armin K. wrote:
>> On 12/11/2013 10:06 PM, Dan McGhee wrote:
>>> On 12/11/2013 12:20 PM, Armin K. wrote:
>>>> On 12/11/2013 06:45 PM, Dan McGhee wrote:
>>>>> In addition to GParted, I would like to employ this method for the
>>>>> Catalyst Control Center for my ATI-Radeon chip.
>>>> You have to edit both .desktop files and add "pkexec /path/to/program"
>>>> to the Exec= line. Do note that using pkexec requires an authentication
>>>> agent to be running, such as polkit-gnome or lxpolkit.
>>>> The file you mentioned is necessarry because pkexec won't allow running
>>>> gui programs by default.
>>> When I first read this, I didn't do anything because I have polkit-gnome
>>> installed. When I made the changes for pkexec in the gparted.desktop
>>> file and tried to run it, nothing happened. I didn't even get the
>>> message that I needed to be root. I guess that's progress.
>> You don't need to be root. As I said, pkexec *won't* allow you to run
>> gui programs when using "pkexec guiprogram" unless you *create* a policy
>> file in /usr/share/polkit-1/actions (which is the file you posted and I
>> linked to in the arch forums).
> I was unclear in my statement. I created the policy file containing the 
> action. I edited the gparted.desktop file to include pkexec. When I 
> selected "GParted" in my Applications Menu, nothing happened. I did not 
> even get a message.
> For clarity's sake, I'll include the files. I kept from doing this to 
> keep the posts shorter. But maybe there is something in them that 
> prevents what I'm trying to do.
> Here is 
> /usr/share/polkit-1/actions/org.freedesktop.policykit.pkexec.run-gparted.policy:
>> exec.run-gparted.policy
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!DOCTYPE policyconfig PUBLIC
>> "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
>> "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
>> <policyconfig>
>> <action id="org.freedesktop.policykit.pkexec.run-gparted">
>> <description>Run GParted</description>
>> <message>Authentication is required to run GParted</message>
>> <defaults>
>> <allow_any>no</allow_any>
>> <allow_inactive>no</allow_inactive>
>> <allow_active>auth_admin_keep</allow_active>
>> </defaults>
>> <annotate 
>> key="org.freedesktop.policykit.exec.path">/usr/sbin/gparted</annotate>
>> <annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
>> </action>
>> </policyconfig>

I've created /usr/share/polkit-1/actions/org.gnome.gparted.policy file
with the same contents (name shouldn't matter), and restarted polkitd

> Here is /usr/share/applications/gparted.desktop:
>> Name=GParted
>> GenericName=Partition Editor
>> Comment=Create, reorganize, and delete partitions
>> Exec=pkexec /usr/sbin/gparted %f
>> Icon=gparted
>> Terminal=false
>> Type=Application
>> Categories=GNOME;System;Filesystem;
>> StartupNotify=true

I've edited the desktop file and made it same as yours.

> And finally, the 
> /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop:
>> [Desktop Entry]
>> Name=PolicyKit Authentication Agent
>> Comment=PolicyKit Authentication Agent
>> Exec=/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
>> Terminal=false
>> Type=Application
>> Categories=
>> NoDisplay=true
>> OnlyShowIn=GNOME;XFCE;Unity;
>> AutostartCondition=GNOME3 unless-session gnome

I have the same desktop file here. However, you do need to verify if
authentication agent is started. Run "ps aux | grep polkit". You should
get something like:

armin      726  0.0  0.2 565160 15636 ?        Sl   17:48   0:00

in the output.

>  From everything I've read, I don't think I need a rule in 
> /etc/polkit-1/rules.d. There is no rule there.

No, you don't need any.

> Like I said, when I try to run Gparted from the desktop, absolutely 
> nothing happens. It's got to be something quite simple now, but I can't 
> see it.

You should see polkit authentication dialog, asking for an administrator
password. Do note that an gui authentication agent *must* be running
(polkit-gnome in this case).

That said, with the same configuration, everything works fine here. I
do, however, use polkit-0.10whatever with Linux PAM support. Not sure if
that should matter.

> Also, Armin, thanks for explaining the autostart file options for me, 
> and also for you other help so far.
> Dan

Note: My last name is not Krejzi.

More information about the blfs-support mailing list