Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual page 143

Example 9.1 An example /etc/PolicyKit/PolicyKit.conf file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
<config version="0.1">
<match action="org.freedesktop.packagekit.system-update">
<match user="tux">
<return result="yes"/>
</match>
</match>
<match action="org.freedesktop.policykit.*">
<match user="tux|wilber">
<return result="no"/>
</match>
</match>
<define_admin_auth group="administrators"/>
</config>
The first three lines of the config file are the XML header. These lines are already
present in the template file, leave them untouched.
The XML root element must always be present. The attribute version is
mandatory, currently the only valid value is 0.1. Already present in the template
file.
A statement granting the user tux the privilege to update packages via PackageKit
without having to authorize.
Withdraw privileges for all PolicyKit related policies from the users tux and
wilber.
This statement allows all members of the group administrators to authenti-
cate with their own password whenever authentication with the root password
would be required. Since this statement is not nested within constraining match
statements, it applies to all policies.
9.3.4 Restoring the Default Privileges
Each application supporting PolicyKit comes with a default set of implicit policies de-
fined by the application's developers, the so-called "upstream defaults". The privileges
defined by the upstream defaults are not necessarily the ones that are activated by default
on SUSE Linux Enterprise Server. SUSE Linux Enterprise Server comes with a prede-
fined set of privileges (see Section "Modifying Configuration Files for Implicit Privi-
PolicyKit 129