Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 102

Example 9.1 An example /etc/PolicyKit/PolicyKit.conf file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
<config version="0.1">
<match action="org.freedesktop.packagekit.system-update">
<match user="tux">
</match>
</match>
<match action="org.freedesktop.policykit.*">
<match user="tux|wilber">
</match>
</match>
<define_admin_auth group="administrators"/>
</config>
The first three lines of the config file are the XML header. These lines are already
present in the template file, leave them untouched.
The XML root element must always be present. The attribute version is
mandatory, currently the only valid value is 0.1. Already present in the template
file.
A statement granting the user tux the privilege to update packages via PackageKit
without having to authorize.
Withdraw privileges for all PolicyKit related policies from the users tux and
wilber.
This statement allows all members of the group administrators to authenti-
cate with their own password whenever authentication with the root password
would be required. Since this statement is not nested within constraining match
statements, it applies to all policies.
9.3.4 Restoring the Default Privileges
Each application supporting PolicyKit comes with a default set of implicit policies de-
fined by the application's developers, the so-called "upstream defaults". The privileges
defined by the upstream defaults are not necessarily the ones that are activated by default
on SUSE Linux Enterprise Desktop. SUSE Linux Enterprise Desktop comes with a
predefined set of privileges (see
90 Security Guide
<return result="yes"/>
<return result="no"/>
Section "Modifying Configuration Files for Implicit