Polkit rules, are they specific?

[boredsquirrel]

I created a small script for easily adding polkit rules for some things.

I saw yours for using CUPS, for some reason never needed a password prompt, but for sure thats annoying. But is that "opensuse" in the name just the origin, or is the program called like that on fedora too?

Also what would be rules that are dangerous? Is mounting LUKS drives or opening a VM already?

[rusty-snake]

I created a small script for easily adding polkit rules for some things.

This script will not work.

But is that "opensuse" in the name just the origin, or is the program called like that on fedora too?

It's named everywhere like that I guess.

Also what would be rules that are dangerous? Is mounting LUKS drives or opening a VM already?

Depends.

On Unix* changing the configuration of printers and network (including WLAN) is a privileged task. However on a modern Desktop system you likely want human users to change such stuff.

VMs in general are not a issue. Whether libvirt has some problematic feature I can not tell you.

Mounting is definitely a privileged task.

[boredsquirrel]

You mind to tell me why it would not work? I used exactly these rules for virt-manager and mounting and decrypting.

From the security point mounting is not important for me, as it needs a password stored in KWallet of the user. So having the permission restricted makes no sense to me.

Printers are a good point, I added the rule to my some-day-coming Kinoite image.

[rusty-snake]

You may used thse rules but not your script.
Did you ever tested it before commiting?

And since this isn't the first script from you, that I see, which does syntactical things fundamentally wrong, I recommend you to first learn (bash-)scripting and then let your creations out in the world. After testing them. Or be clear in the project description that this is sole learning only project not indented for serious use.

[boredsquirrel]

I dont know what you mean. Yes I did not test some scripts, especially the Arkenfox one as I already have such a profile, I added the notes which was totally nessecary

But the polkit helper works normally? Where is the issue? At least using it locally it works fine. A bit weird structured with the user output only after sudo, but I saved some lines. I tested it with virt-manager and it works normally

[rusty-snake]

Did you ever used this script?

---

LC_ALL=C bash create-polkit-rule

• Start script with the shell from shebang.
• Set all error messages to be English.

----


Polkit creation Script

This script creates Policiy kit entries        <--- Typo
to allow a user in the wheel group (sudoers) to
execute certain commands without a password prompt.

Use this tool only if you are aware of the consequences.

-----

How should your rule be called? rule01
What program name do you want to execute without a password prompt? org.freedesktop.policykit.exec

Suggestion to write something else than "program name" because it's not the "program name" as users would expect (ls, firefox, gcc, dig, ...) instead it's the id of the polkit action.

polkit.addRule(function(action, subject) {
  if (action.id == org.freedesktop.policykit.exec && subject.local && subject.active && subject.isInGroup(wheel)) {
      return polkit.Result.YES;
  }
}); | sudo tee /etc/polkit-1/rules.d/rule01.rules && printf create-polkit-rule: line 27: Success!: command not found
create-polkit-rule: line 29: Rule: command not found
create-polkit-rule: line 31: unexpected EOF while looking for matching `"'

What's working here?

• Syntax 1: Why all these unnecessary "" before and after a quoted string?
• Syntax 2: Unclosed quoted string
• Syntax 3: Unquoted !
• Syntax 4: The action has no double quotes making it a variable/object in JS
• Syntax 5: The wheel group has no double quotes making it a variable (undefined) in JS
• Syntax 6: Unclosed quoted string -> Broken pipe

That's the list of syntax errors. There are more tricky semantic errors as well.

---

shellcheck:

In create-polkit-rule line 21:
printf """polkit.addRule(function(action, subject) {
         ^-- SC1078 (warning): Did you forget to close this double quoted string?


In create-polkit-rule line 22:
  if (action.id == "$progname" && subject.local && subject.active && subject.isInGroup("wheel")) {
                   ^-- SC1079 (info): This is actually an end quote, but due to next char it looks suspect.
                                                                                             ^-- SC1078 (warning): Did you forget to close this double quoted string?


In create-polkit-rule line 25:
}); | sudo tee /etc/polkit-1/rules.d/$rulename.rules && printf """
                                                               ^-- SC1079 (info): This is actually an end quote, but due to next char it looks suspect.


In create-polkit-rule line 31:
"""
^-- SC1009 (info): The mentioned syntax error was in this simple command.
  ^-- SC1073 (error): Couldn't parse this double quoted string. Fix to allow more checks.


In create-polkit-rule line 33:

^-- SC1072 (error): Expected end of double quoted string. Fix any mentioned problems and try again.

For more information:
  https://www.shellcheck.net/wiki/SC1078 -- Did you forget to close this doub...
  https://www.shellcheck.net/wiki/SC1079 -- This is actually an end quote, bu...
  https://www.shellcheck.net/wiki/SC1072 -- Expected end of double quoted str...