aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Prikler <leo.prikler@student.tugraz.at>2019-11-23 19:51:15 +0100
committerLudovic Courtès <ludo@gnu.org>2019-11-30 23:50:40 +0100
commit7f25ff10e1c821da84c641e7f6c01c34a2ebe12e (patch)
treee6e1a7ff707c8873fff90a9961456a67eb36fa72
parent99c45877a984dd0148151b2e304afef6fb04f1a5 (diff)
downloadpatches-7f25ff10e1c821da84c641e7f6c01c34a2ebe12e.tar
patches-7f25ff10e1c821da84c641e7f6c01c34a2ebe12e.tar.gz
services: Add polkit-wheel-service.
* gnu/services/desktop.scm: (polkit-wheel): New variable. (polkit-wheel-service): New service. * doc/guix.texi: Document polkit-wheel-service. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r--doc/guix.texi7
-rw-r--r--gnu/services/desktop.scm21
2 files changed, 28 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 661aa41785..0a7713e7ac 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -15591,6 +15591,13 @@ capabilities to ordinary users. For example, an ordinary user can be granted
the capability to suspend the system if the user is logged in locally.
@end deffn
+@defvr {Scheme Variable} polkit-wheel-service
+Service that adds the @code{wheel} group as admins to the Polkit
+service. This makes it so that users in the @code{wheel} group are queried
+for their own passwords when performing administrative actions instead of
+@code{root}'s, similar to the behaviour used by @code{sudo}.
+@end defvr
+
@defvr {Scheme Variable} upower-service-type
Service that runs @uref{https://upower.freedesktop.org/, @command{upowerd}}, a
system-wide monitor for power consumption and battery levels, with the given
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 0152e86e8a..9eee2fa485 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -135,6 +135,8 @@
inputattach-configuration?
inputattach-service-type
+ polkit-wheel-service
+
%desktop-services))
;;; Commentary:
@@ -1066,6 +1068,25 @@ dispatches events from it.")))
;;;
+;;; polkit-wheel-service -- Allow wheel group to perform admin actions
+;;;
+
+(define polkit-wheel
+ (file-union
+ "polkit-wheel"
+ `(("share/polkit-1/rules.d/wheel.rules"
+ ,(plain-file
+ "wheel.rules"
+ "polkit.addAdminRule(function(action, subject) {
+ return [\"unix-group:wheel\"];
+});
+")))))
+
+(define polkit-wheel-service
+ (simple-service 'polkit-wheel polkit-service-type (list polkit-wheel)))
+
+
+;;;
;;; The default set of desktop services.
;;;