Bug 534140

Summary: clarifications for the pklocalauthority man page
Product: [Fedora] Fedora Reporter: Andrew McNabb <amcnabb>
Component: polkitAssignee: David Zeuthen <davidz>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: davidz, mclasen
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-11-12 18:51:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrew McNabb 2009-11-10 17:43:52 UTC 
The pklocalauthority man page is unclear on several points, and I think there are some simple changes that would improve it:

1) The man page doesn't contain any examples of a Local Authority Configuration file (although it does contain examples of .pkla files).  A short example or two would make a big difference.

2) It mentions that the configuration file is a "key file", but it would be helpful to point out that these are also commonly called "ini files".

3) It says that there is a "Configuration group", but in the context, it's not entirely clear what this means.  Even a minor rewording would be helpful: "a group called '[Configuration]'" instead of "a Configuration group".

4) The man page doesn't explain any way to override settings from earlier config files (the built-in files say "DO NOT EDIT THIS FILE, it will be overwritten on update.").  Is there any way to, for example, remove the "desktop_admin_r" group from the AdminIdentities?

5) The files in /var/lib/polkit-1 refer to specific groups like "desktop_admin_r".  Is there any way to use a different name for the "desktop_admin_r" role?  For example, if a heterogeneous environment already has a "wheel" group, they might want the "wheel" group to be treated the same as the "desktop_admin_r" group without having to monitor upstream changes to files in /var/lib/polkit-1.

Thanks for all of your work on PolicyKit.
Comment 1 Andrew McNabb 2009-11-10 17:44:54 UTC 
Also:

6) The manpage doesn't describe /etc/polkit-1/nullbackend.conf.
Comment 2 David Zeuthen 2009-11-12 18:51:29 UTC 
Thanks for the suggestions. Fixed in

 http://cgit.freedesktop.org/PolicyKit/commit/?id=8fff882210e464620c550100069db944a4d73c88

This will be in a 0-zero update for F12.
Comment 3 David Zeuthen 2009-11-12 18:52:38 UTC 
(In reply to comment #1)
> 6) The manpage doesn't describe /etc/polkit-1/nullbackend.conf.  

Hmm, this should be in a pknullauthority(8) man page. However the purpose of the null backend is mostly to serve as an example of other backends. Maybe we shouldn't install it.