add policy kit admin identity configuration for non root users under Debian and Ubuntu

2025-03-03 03:34:44 +01:00 · 2017-01-13 21:50:36 +01:00 · 2017-01-13 21:50:36 +01:00 · b905c8c5ef
commit b905c8c5ef
parent e436bda2e4
2 changed files with 29 additions and 0 deletions
--- a/users/init.sls
+++ b/users/init.sls
@ -417,6 +417,27 @@ users_{{ users.sudoers_dir }}/{{ name }}:
    - name: {{ users.sudoers_dir }}/{{ name }}
 {% endif %}

+# Policykit AdminIdentities Logik
+{%- if 'polkitadmin' in user and user['polkitadmin'] %}
+users_{{ users.polkit_dir }}/{{ name }}:
+  file.managed:
+    - replace: True
+    - onlyif: 'test -d {{ users.polkit_dir }}'
+    - name: {{ users.polkit_dir }}/{{ name }}.conf
+    - contents: |
+        ########################################################################
+        # File managed by Salt (users-formula).
+        # Your changes will be overwritten.
+        ########################################################################
+        #
+        [Configuration]
+        AdminIdentities=unix-user:{{ name }}
+{%- else %}
+users_{{ users.polkit_dir }}/{{ name }}:
+  file.absent:
+    - name: {{ users.polkit_dir }}/{{ name }}.conf
+{%- endif %}
+
 {%- if 'google_auth' in user %}
 {%- for svc in user['google_auth'] %}
 users_googleauth-{{ svc }}-{{ name }}:
@ -486,6 +507,9 @@ users_absent_user_{{ name }}:
 users_{{ users.sudoers_dir }}/{{ name }}:
  file.absent:
    - name: {{ users.sudoers_dir }}/{{ name }}
+users_{{ users.polkit_dir }}/{{ name }}:
+  file.absent:
+    - name: {{ users.polkit_dir }}/{{ name }}.conf
 {% endfor %}

 {% for user in pillar.get('absent_users', []) %}
@ -495,6 +519,9 @@ users_absent_user_2_{{ user }}:
 users_2_{{ users.sudoers_dir }}/{{ user }}:
  file.absent:
    - name: {{ users.sudoers_dir }}/{{ user }}
+users_2_{{ users.polkit_dir }}/{{ name }}:
+  file.absent:
+    - name: {{ users.polkit_dir }}/{{ name }}.conf
 {% endfor %}

 {% for group in pillar.get('absent_groups', []) %}
--- a/users/map.jinja
+++ b/users/map.jinja
@ -10,6 +10,7 @@
    'bash_package': 'bash',
    'sudo_package': 'sudo',
    'googleauth_package': 'libpam-google-authenticator',
+    'polkit_dir': '/etc/polkit-1/localauthority.conf.d',
  },
  'Gentoo': {
    'sudoers_dir': '/etc/sudoers.d',
@ -43,5 +44,6 @@
    'bash_package': 'bash',
    'sudo_package': 'sudo',
    'googleauth_package': 'libpam-google-authenticator',
+    'polkit_dir': '/etc/polkit-1/localauthority.conf.d',
  },
 }, merge=salt['pillar.get']('users:lookup')) %}