Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 99

reset the privileges for a given action to the defaults. However,
polkit-action always operates on the upstream defaults, so it is not possible
to list or restore the defaults shipped with SUSE Linux Enterprise Desktop. Refer
to Section 9.3.4, "Restoring the Default Privileges"
mation.
9.3.3 Modifying Configuration Files
Adjusting privileges by modifying configuration files is useful when you want to deploy
the same set of policies to different machines, for example to the computers of a specific
team. It is possible to change implicit as well as explicit privileges by modifying confi-
guration files.
Modifying Configuration Files for Implicit Privileges
SUSE Linux Enterprise Desktop ships with two sets of default authorizations located
in /etc/polkit-default-privs.standard and /etc/
polkit-default-privs.restrictive. The .standard file defines privileges
suitable for most desktop systems. It is active by default. The .restrictive set of
privileges is designed for machines administrated centrally.Activate it by setting
POLKIT_DEFAULT_PRIVS to restrictive in /etc/sysconfig/security
and run set_polkit_default_privs as root afterwards. Do not modify these
two files.
In order to define your custom set of privileges, use /etc/polkit-default-privs
.local. Privileges defined here will always take precedence over the ones defined in
the other configuration files. To define a privilege, add a line for each policy with the
following format:
<privilege
name> <any
session>:<inactive
session>:<active
session>
For a list of all privilege names available, run the command polkit-action. The
following values are valid for the session parameters:
(page 90) for further infor-
PolicyKit 87