ACC SHELL
| Path : /etc/ |
|
|
| Current File : //etc/polkit-default-privs.standard |
#
# /etc/polkit-default-privs.standard is set up for use in most
# desktop systems to make common operations work out-of-the box for
# locally logged in users. It still restricts users enough to be
# safely used on most multi user hosts.
#
# Please do not modify this file, use polkit-default-privs.local instead.
#
org.freedesktop.policykit.read auth_admin_keep_always
org.freedesktop.policykit.revoke auth_admin_keep_always
org.freedesktop.policykit.grant auth_admin_keep_always
org.freedesktop.policykit.modify-defaults auth_admin_keep_always
#
org.freedesktop.network-manager-settings.system.modify auth_admin_keep_always
org.freedesktop.network-manager-settings.system.hostname.modify auth_admin_keep
org.freedesktop.network-manager-settings.system.wifi.share.protected auth_admin
org.freedesktop.network-manager-settings.system.wifi.share.open auth_admin
#
org.freedesktop.hal.killswitch.bluetooth auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.killswitch.wlan auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.killswitch.wwan auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.lock auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.storage.mount-fixed auth_admin_keep_always
org.freedesktop.hal.storage.mount-removable auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.storage.unmount-others auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.storage.eject auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.storage.crypto-setup-fixed auth_admin_keep_always
org.freedesktop.hal.storage.crypto-setup-removable auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.wol.enabled auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.wol.enable auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.wol.supported auth_admin_keep_always:auth_admin_keep_always:yes
# shutdown/reboot should be consistent with consolekit
org.freedesktop.hal.power-management.shutdown auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.power-management.shutdown-multiple-sessions auth_admin:auth_admin:yes
org.freedesktop.hal.power-management.reboot auth_admin:auth_admin:yes
org.freedesktop.hal.power-management.reboot-multiple-sessions auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.power-management.set-powersave auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.power-management.suspend auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.power-management.hibernate auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.power-management.standby auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.power-management.cpufreq auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.power-management.lcd-panel auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.power-management.light-sensor auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.power-management.keyboard-backlight auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.dockstation.undock auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.hal.leds.brightness auth_admin_keep_always:auth_admin_keep_always:yes
#
# device access
#
# we allow device access for both active and inactive sessions.
# Revoking device ACLs for inactive sessions would have no effect on
# already open file descriptors anyways. With a revoke system call
# it would be possible but would also mean that e.g. a sound playing
# appliction would have to be killed or would forcefully stop
# playing sound which is not what we want.
#
org.freedesktop.hal.device-access.sound auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.video4linux auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.cdrom auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.dvb auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.camera auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.scanner auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.audio-player auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.ieee1394-iidc auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.ieee1394-avc auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.pda auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.floppy auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.modem auth_admin_keep_always
org.freedesktop.hal.device-access.joystick auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.mouse auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.video auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.fingerprint-reader auth_admin_keep_always:yes:yes
org.freedesktop.hal.device-access.obex auth_admin_keep_always
org.freedesktop.hal.device-access.ppdev auth_admin_keep_always
org.freedesktop.hal.device-access.removable-block auth_admin_keep_always
#
org.libvirt.unix.monitor yes
org.libvirt.unix.manage auth_admin_keep_always
org.gnome.clockapplet.mechanism.settimezone auth_admin_keep_always:auth_admin_keep_always:yes
org.gnome.clockapplet.mechanism.settime auth_admin_keep_always
org.gnome.clockapplet.mechanism.configurehwclock auth_admin_keep_always
#
org.gnome.color.install-system-wide auth_admin
#
# package kit
#
org.freedesktop.packagekit.package-install auth_admin_keep_always
org.freedesktop.packagekit.package-install-untrusted auth_admin
org.freedesktop.packagekit.system-trust-signing-key auth_admin
org.freedesktop.packagekit.package-eula-accept auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.packagekit.package-remove auth_admin_keep_always
org.freedesktop.packagekit.system-update auth_admin_keep_always
org.freedesktop.packagekit.system-rollback auth_admin_keep_always
org.freedesktop.packagekit.system-sources-configure auth_admin_keep_always
org.freedesktop.packagekit.system-sources-refresh auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.packagekit.system-network-proxy-configure auth_admin_keep_always
org.freedesktop.packagekit.cancel-foreign auth_admin:auth_admin:auth_admin_keep
org.freedesktop.packagekit.device-rebind auth_admin_keep
#
org.pulseaudio.acquire-real-time auth_admin_keep_always
org.pulseaudio.acquire-high-priority auth_admin_keep_always
#
# gconf
#
org.gnome.gconf.defaults.set-system auth_admin
org.gnome.gconf.defaults.set-mandatory auth_admin
#
# just an example program
#
org.gnome.policykit.examples.jump no:no:auth_self_one_shot
org.gnome.policykit.examples.frobnicate no:no:auth_self
org.gnome.policykit.examples.tweak no:no:auth_admin
org.gnome.policykit.examples.twiddle no:no:auth_admin_keep_always
org.gnome.policykit.examples.punch no:no:auth_self_keep_session
org.gnome.policykit.examples.toggle no:no:auth_admin_keep_always
org.gnome.policykit.examples.kick-foo no:no:auth_self
org.gnome.policykit.examples.kick-bar no:no:auth_self
org.gnome.policykit.examples.kick-baz no:no:auth_self
#
# should be consistent with hal
org.freedesktop.consolekit.system.stop auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.consolekit.system.stop-multiple-users auth_admin:auth_admin:yes
org.freedesktop.consolekit.system.restart auth_admin:auth_admin:yes
org.freedesktop.consolekit.system.restart-multiple-users auth_admin_keep_always:auth_admin_keep_always:yes
#
# smpppd
#
org.opensuse.smpppd.connect auth_admin_keep_always:auth_admin_keep_always:yes
#
# backup-manager
#
org.opensuse.backupmanager.schedule auth_admin
#
# system-config-printer
#
org.opensuse.cupspkhelper.mechanism.printer-set-default auth_admin_keep
org.opensuse.cupspkhelper.mechanism.printer-enable auth_admin_keep
org.opensuse.cupspkhelper.mechanism.printer-local-edit auth_admin_keep
org.opensuse.cupspkhelper.mechanism.printer-remote-edit auth_admin_keep
org.opensuse.cupspkhelper.mechanism.class-edit auth_admin_keep
org.opensuse.cupspkhelper.mechanism.server-settings auth_admin_keep
org.opensuse.cupspkhelper.mechanism.printeraddremove auth_admin_keep
org.opensuse.cupspkhelper.mechanism.job-edit auth_admin_keep
org.opensuse.cupspkhelper.mechanism.job-not-owned-edit auth_admin_keep
org.opensuse.cupspkhelper.mechanism.devices-get auth_admin_keep
#
# Firewall Zone Switcher
#
org.opensuse.zoneswitcher.control auth_admin_keep_always:auth_admin_keep_always:yes
#
# RealTimeKit
#
org.freedesktop.RealtimeKit1.acquire-high-priority auth_admin:auth_admin:auth_admin
org.freedesktop.RealtimeKit1.acquire-real-time auth_admin:auth_admin:auth_admin
#
# polkit-1
#
org.freedesktop.policykit.exec auth_admin:auth_admin:auth_admin
org.freedesktop.policykit.lockdown auth_admin
# example progam
org.freedesktop.policykit.example.pkexec.run-frobnicate auth_admin:auth_admin:auth_admin
#
# device-kit. Should be consitent with hal
#
org.freedesktop.udisks.filesystem-mount auth_admin:auth_admin:yes
org.freedesktop.udisks.filesystem-mount-system-internal auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks.filesystem-check auth_admin:auth_admin:yes
org.freedesktop.udisks.filesystem-check-system-internal auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks.filesystem-unmount-others auth_admin:auth_admin:auth_admin
org.freedesktop.udisks.filesystem-lsof auth_admin:auth_admin:yes
org.freedesktop.udisks.filesystem-lsof-system-internal auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks.drive-eject auth_admin:auth_admin:yes
org.freedesktop.udisks.drive-detach auth_admin:auth_admin:yes
org.freedesktop.udisks.change auth_admin:auth_admin:yes
org.freedesktop.udisks.change-system-internal auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks.drive-ata-smart-refresh auth_admin:auth_admin:yes
org.freedesktop.udisks.drive-ata-smart-selftest auth_admin:auth_admin:auth_admin
org.freedesktop.udisks.drive-ata-smart-retrieve-historical-data auth_admin:auth_admin:yes
org.freedesktop.udisks.luks-unlock auth_admin:auth_admin:yes
org.freedesktop.udisks.luks-lock-others auth_admin:auth_admin:auth_admin
org.freedesktop.udisks.linux-md auth_admin:auth_admin:auth_admin
org.freedesktop.udisks.cancel-job-others auth_admin:auth_admin:auth_admin
org.freedesktop.udisks.inhibit-polling auth_admin:auth_admin:yes
org.freedesktop.udisks.drive-set-spindown auth_admin:auth_admin:yes
org.freedesktop.udisks.linux-lvm2 auth_admin_keep
#
org.freedesktop.upower.suspend auth_admin:auth_admin:yes
org.freedesktop.upower.hibernate auth_admin:auth_admin:yes
org.freedesktop.upower.qos.request-latency auth_admin:auth_admin:yes
org.freedesktop.upower.qos.request-latency-persistent auth_admin:auth_admin:yes
org.freedesktop.upower.qos.set-minimum-latency auth_admin:auth_admin:auth_admin
org.freedesktop.upower.qos.cancel-request auth_admin:auth_admin:auth_admin
#
# YaST
#
org.opensuse.yast.module-manager.import auth_admin_keep_session
org.opensuse.yast.module-manager.lock auth_admin_keep_session
org.opensuse.yast.modules.yapi.language.read no
org.opensuse.yast.modules.yapi.language.write no
org.opensuse.yast.modules.yapi.time.read no
org.opensuse.yast.modules.yapi.time.write no
org.opensuse.yast.modules.ysr.statelessregister auth_admin_keep_session
org.opensuse.yast.modules.ysr.getregistrationconfig auth_admin_keep_session
org.opensuse.yast.modules.ysr.setregistrationconfig auth_admin_keep_session
org.opensuse.yast.scr.read auth_admin_keep_session
org.opensuse.yast.scr.write auth_admin_keep_session
org.opensuse.yast.scr.execute auth_admin_keep_session
org.opensuse.yast.scr.dir auth_admin_keep_session
org.opensuse.yast.scr.registeragent auth_admin_keep_session
org.opensuse.yast.scr.unregisteragent auth_admin_keep_session
org.opensuse.yast.scr.unmountagent auth_admin_keep_session
org.opensuse.yast.scr.error auth_admin_keep_session
org.opensuse.yast.scr.unregisterallagents auth_admin_keep_session
org.opensuse.yast.scr.registernewagents auth_admin_keep_session
# KDE stuff
org.kde.fontinst.manage auth_admin
org.kde.kcontrol.kcmclock.save auth_admin
org.kde.kcontrol.kcmremotewidgets.save auth_admin
org.kde.ksysguard.processlisthelper.changecpuscheduler auth_admin
org.kde.ksysguard.processlisthelper.changeioscheduler auth_admin
org.kde.ksysguard.processlisthelper.renice auth_admin
org.kde.ksysguard.processlisthelper.sendsignal auth_admin
org.kde.polkitkde1.changeexplicitauthorizations auth_admin_keep
org.kde.polkitkde1.changeimplicitauthorizations auth_admin
org.kde.polkitkde1.changesystemconfiguration auth_admin
org.kde.polkitkde1.readauthorizations auth_admin_keep
org.kde.kcontrol.k3bsetup.save auth_admin
# moblin
org.moblin.clockapplet.mechanism.settimezone auth_admin
org.moblin.clockapplet.mechanism.settime auth_admin
org.moblin.clockapplet.mechanism.configurehwclock auth_admin
###
ACC SHELL 2018