source: postlfs/security/polkit.xml@ c0b5bba

gnome
Last change on this file since c0b5bba was c0b5bba, checked in by Christopher Gregory <cjg@…>, 10 years ago

Added systemd notes to libcap mitkrb openssh polkit and stunnel pages

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/gnome@13393 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 11.3 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY polkit-download-http
8 "http://www.freedesktop.org/software/polkit/releases/polkit-&polkit-version;.tar.gz">
9 <!ENTITY polkit-download-ftp " ">
10 <!ENTITY polkit-md5sum "b0f2fa00a55f47c6a5d88e9b73f80127">
11 <!ENTITY polkit-size "1.4 MB">
12 <!ENTITY polkit-buildsize "17 MB">
13 <!ENTITY polkit-time "0.2 SBU">
14]>
15
16<sect1 id="polkit" xreflabel="Polkit-&polkit-version;">
17 <?dbhtml filename="polkit.html"?>
18
19 <sect1info>
20 <othername>$LastChangedBy$</othername>
21 <date>$Date$</date>
22 </sect1info>
23
24 <title>Polkit-&polkit-version;</title>
25
26 <indexterm zone="polkit">
27 <primary sortas="a-Polkit">Polkit</primary>
28 </indexterm>
29
30 <sect2 role="package">
31 <title>Introduction to Polkit</title>
32
33 <para>
34 <application>Polkit</application> is a toolkit for defining and handling
35 authorizations. It is used for allowing unprivileged processes to
36 communicate with privileged processes.
37 </para>
38
39 &lfs75_checked;
40
41 <bridgehead renderas="sect3">Package Information</bridgehead>
42 <itemizedlist spacing="compact">
43 <listitem>
44 <para>
45 Download (HTTP): <ulink url="&polkit-download-http;"/>
46 </para>
47 </listitem>
48 <listitem>
49 <para>
50 Download (FTP): <ulink url="&polkit-download-ftp;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download MD5 sum: &polkit-md5sum;
56 </para>
57 </listitem>
58 <listitem>
59 <para>
60 Download size: &polkit-size;
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Estimated disk space required: &polkit-buildsize;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated build time: &polkit-time;
71 </para>
72 </listitem>
73 </itemizedlist>
74
75 <bridgehead renderas="sect3">Polkit Dependencies</bridgehead>
76
77 <bridgehead renderas="sect4">Required</bridgehead>
78 <para role="required">
79 <xref linkend="glib2"/>, and
80 <xref linkend="JS"/>
81 </para>
82
83 <bridgehead renderas="sect4">Optional (Required if building GNOME)</bridgehead>
84 <para role="optional">
85 <xref linkend="gobject-introspection"/>
86 </para>
87
88 <bridgehead renderas="sect4">Optional</bridgehead>
89 <para role="optional">
90 <xref linkend="DocBook"/>,
91 <xref linkend="docbook-xsl"/>,
92 <xref linkend="gtk-doc"/>, and
93 <xref linkend="libxslt"/>
94 </para>
95
96 <bridgehead renderas="sect4">Optional (Required if using systemd and building GNOME)</bridgehead>
97 <para role="optional">
98 <xref linkend="linux-pam"/>
99 </para>
100
101 <note>
102 <para>
103 This package will link against systemd libraries by default, since they are always installed
104 and in doing that, it doesn't require ConsoleKit anymore.
105 </para>
106 </note>
107
108 <note>
109 <para>
110 If <xref linkend="libxslt"/> is installed, then <xref linkend="DocBook"/>
111 and <xref linkend="docbook-xsl"/> are required. If you have installed
112 <xref linkend="libxslt"/>, but you do not want to install any of the
113 DocBook packages mentioned, you will need to use
114 <option>--disable-man-pages</option> in the instructions below.
115 </para>
116 </note>
117
118 <para condition="html" role="usernotes">User Notes:
119 <ulink url="&blfs-wiki;/polkit"/>
120 </para>
121 </sect2>
122
123 <sect2 role="installation">
124 <title>Installation of Polkit</title>
125
126 <para>
127 There should be a dedicated user and group to take control
128 of the <command>polkitd</command> daemon after it is
129 started. Issue the following commands as the
130 <systemitem class="username">root</systemitem> user:
131 </para>
132
133<screen role="root"><userinput>groupadd -fg 27 polkitd &amp;&amp;
134useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
135 -g polkitd -s /bin/false polkitd</userinput></screen>
136
137 <para>
138 Install <application>Polkit</application> by running the following
139 commands:
140 </para>
141
142<screen><userinput>./configure --prefix=/usr \
143 --sysconfdir=/etc \
144 --localstatedir=/var \
145 --disable-static \
146 --enable-libsystemd-login=no \
147 --with-authfw=shadow &amp;&amp;
148make</userinput></screen>
149
150 <para>
151 To test the results, issue: <command>make check</command>.
152 Note that system <application>D-Bus</application> daemon
153 must be running for the testsuite to complete. There is
154 also a warning about <application>ConsoleKit</application>
155 database not present, but that one can be safely ignored.
156 </para>
157
158 <para>
159 Now, as the <systemitem class="username">root</systemitem> user:
160 </para>
161
162<screen role="root"><userinput>make install</userinput></screen>
163
164 </sect2>
165
166 <sect2 role="commands">
167 <title>Command Explanations</title>
168
169 <para>
170 <parameter>--enable-libsystemd-login=no</parameter>: This parameter fixes
171 building without <application>systemd</application>, which is not part
172 of LFS/BLFS. If you use <application>systemd</application>,
173 replace "no" by "yes".
174 </para>
175
176 <note>
177 <para>
178 Systemd users, if this package is going to be used, ie on desktops or if an
179 user wants to grant unprivileged users to be able to shut down,
180 reboot, etc the systemd PAM module needs to be built and set up.
181 It is also a good idea to build Polkit with PAM support, so the Polkit can take
182 advantage of the PAM module, so you need to remove the below parameter from
183 the configure line, and create the PAM file mentioned in the configuration section.
184 </para>
185 </note>
186
187 <para>
188 <parameter>--with-authfw=shadow</parameter>: This parameter configures the
189 package to use the <application>Shadow</application> rather than the
190 <application>Linux PAM</application> Authentication framework. Remove it
191 if you would like to use <application>Linux PAM</application>.
192 </para>
193
194 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
195 href="../../xincludes/static-libraries.xml"/>
196
197 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
198 href="../../xincludes/gtk-doc-rebuild.xml"/>
199
200 </sect2>
201
202 <sect2 role="configuration">
203 <title>Configuring Polkit</title>
204
205 <sect3>
206 <title>PAM Configuration</title>
207
208 <note>
209 <para>
210 If you did not build <application>Polkit</application> with
211 <application>Linux PAM</application> support, you can skip this section.
212 </para>
213 </note>
214
215 <para>
216 If you have built <application>Polkit</application> with
217 <application>Linux PAM</application> support, you need to modify
218 the default PAM configuration file which was installed by default to get
219 <application>Polkit</application> to work correctly with BLFS. Issue the
220 following commands as the <systemitem class="username">root</systemitem>
221 user to create the configuration file for <application>Linux PAM</application>:
222 </para>
223
224<screen role="root"><userinput>cat &gt; /etc/pam.d/polkit-1 &lt;&lt; "EOF"
225<literal># Begin /etc/pam.d/polkit-1
226
227auth include system-auth
228account include system-account
229password include system-password
230session include system-session
231
232# End /etc/pam.d/polkit-1</literal>
233EOF</userinput></screen>
234
235 </sect3>
236
237 </sect2>
238
239 <sect2 role="content">
240 <title>Contents</title>
241
242 <segmentedlist>
243 <segtitle>Installed Programs</segtitle>
244 <segtitle>Installed Libraries</segtitle>
245 <segtitle>Installed Directories</segtitle>
246
247 <seglistitem>
248 <seg>
249 pkaction, pkcheck, pk-example-frobnicate, pkexec,
250 pkttyagent and polkitd
251 </seg>
252 <seg>
253 libpolkit-agent-1.so and
254 libpolkit-gobject-1.so
255 </seg>
256 <seg>
257 /etc/polkit-1,
258 /usr/include/polkit-1,
259 /usr/lib/polkit-1,
260 /usr/share/gtk-doc/html/polkit-1 and
261 /usr/share/polkit-1
262 </seg>
263 </seglistitem>
264 </segmentedlist>
265
266 <variablelist>
267 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
268 <?dbfo list-presentation="list"?>
269 <?dbhtml list-presentation="table"?>
270
271 <varlistentry id="pkaction">
272 <term><command>pkaction</command></term>
273 <listitem>
274 <para>
275 is used to obtain information about registered PolicyKit actions.
276 </para>
277 <indexterm zone="polkit pkaction">
278 <primary sortas="b-pkaction">pkaction</primary>
279 </indexterm>
280 </listitem>
281 </varlistentry>
282
283 <varlistentry id="pkcheck">
284 <term><command>pkcheck</command></term>
285 <listitem>
286 <para>
287 is used to check whether a process is authorized for action.
288 </para>
289 <indexterm zone="polkit pkcheck">
290 <primary sortas="b-pkcheck">pkcheck</primary>
291 </indexterm>
292 </listitem>
293 </varlistentry>
294
295 <varlistentry id="pkexec">
296 <term><command>pkexec</command></term>
297 <listitem>
298 <para>
299 allows an authorized user to execute a command as another user.
300 </para>
301 <indexterm zone="polkit pkexec">
302 <primary sortas="b-pkexec">pkexec</primary>
303 </indexterm>
304 </listitem>
305 </varlistentry>
306
307 <varlistentry id="pkttyagent">
308 <term><command>pkttyagent</command></term>
309 <listitem>
310 <para>
311 is used to start a textual authentication agent for the subject.
312 </para>
313 <indexterm zone="polkit pkttyagent">
314 <primary sortas="b-pkttyagent">pkttyagent</primary>
315 </indexterm>
316 </listitem>
317 </varlistentry>
318
319 <varlistentry id="polkitd">
320 <term><command>polkitd</command></term>
321 <listitem>
322 <para>
323 provides the org.freedesktop.PolicyKit1 <application>D-Bus</application>
324 service on the system message bus.
325 </para>
326 <indexterm zone="polkit polkitd">
327 <primary sortas="b-polkitd">polkitd</primary>
328 </indexterm>
329 </listitem>
330 </varlistentry>
331
332 <varlistentry id="libpolkit-agent-1">
333 <term><filename class='libraryfile'>libpolkit-agent-1.so</filename></term>
334 <listitem>
335 <para>
336 contains the <application>Polkit</application> authentication
337 agent API functions.
338 </para>
339 <indexterm zone="polkit libpolkit-agent-1">
340 <primary sortas="c-libpolkit-agent-1">libpolkit-agent-1.so</primary>
341 </indexterm>
342 </listitem>
343 </varlistentry>
344
345 <varlistentry id="libpolkit-gobject-1">
346 <term><filename class='libraryfile'>libpolkit-gobject-1.so</filename></term>
347 <listitem>
348 <para>
349 contains the <application>Polkit</application> authorization API functions.
350 </para>
351 <indexterm zone="polkit libpolkit-gobject-1">
352 <primary sortas="c-libpolkit-gobject-1">libpolkit-gobject-1.so</primary>
353 </indexterm>
354 </listitem>
355 </varlistentry>
356
357 </variablelist>
358
359 </sect2>
360
361</sect1>
Note: See TracBrowser for help on using the repository browser.