[gnome-user-docs] Add a sysadmin page on locking down repartioning
- From: David King <davidk src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-user-docs] Add a sysadmin page on locking down repartioning
- Date: Tue, 25 Nov 2014 18:38:58 +0000 (UTC)
commit 14264e58c0fd64226a02a79d18c6c66ee1c52d36
Author: Jana Svarova <jsvarova redhat com>
Date: Tue Nov 25 18:34:01 2014 +0000
Add a sysadmin page on locking down repartioning
https://bugzilla.gnome.org/show_bug.cgi?id=735675
system-admin-guide/C/lockdown-repartitioning.page | 76 +++++++++++++++++++++
system-admin-guide/Makefile.am | 1 +
2 files changed, 77 insertions(+), 0 deletions(-)
---
diff --git a/system-admin-guide/C/lockdown-repartitioning.page
b/system-admin-guide/C/lockdown-repartitioning.page
new file mode 100644
index 0000000..931987a
--- /dev/null
+++ b/system-admin-guide/C/lockdown-repartitioning.page
@@ -0,0 +1,76 @@
+<page xmlns="http://projectmallard.org/1.0/";
+ xmlns:its="http://www.w3.org/2005/11/its";
+ type="topic" style="task"
+ id="lockdown-repartitioning">
+
+ <info>
+ <link type="guide" xref="user-settings#lockdown"/>
+ <revision pkgversion="3.14" date="2014-11-25" status="draft"/>
+ <link type="seealso" xref="dconf-lockdown" />
+
+ <credit type="author copyright">
+ <name>Jana Svarova</name>
+ <email its:translate="no">jana svarova gmail com</email>
+ <years>2014</years>
+ </credit>
+
+ <include href="legal.xml" xmlns="http://www.w3.org/2001/XInclude"/>
+
+ <desc>Prevent users from changing disk partitions.</desc>
+ </info>
+
+ <title>Lock down repartitioning</title>
+
+ <p><sys>polkit</sys> enables you to set permissions for individual
+ operations. For <sys>udisks2</sys>, the utility for disk management services,
+ the configuration is located at
+ <file>/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy</file>. This
+ file contains a set of actions and default values, which can be overridden by
+ system administrator.</p>
+
+ <note style="tip">
+ <p>Remember that <sys>polkit</sys> configuration in <file>/etc</file>
+ overrides that shipped by packages in <file>/usr/share</file>.</p>
+ </note>
+
+ <steps>
+ <title>To prevent users from changing disks settings:</title>
+ <item>
+ <p>Create a file with the same content as in
+ <file>/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy</file>.</p>
+ <code>cp /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy
/etc/share/polkit-1/actions/org.freedesktop.udisks2.policy</code>
+ <note style="important">
+ <p>Do not change the
+ <file>/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy</file>
+ file, your changes will be overwritten by the next package update.</p>
+ </note>
+ </item>
+ <item>
+ <p>Delete any actions you do not need from within the
+ <code>policyconfig</code> element and add the following lines to the
+ <file>/etc/polkit-1/actions/org.freedesktop.udisks2.policy</file>
+ file:</p>
+ <screen><![CDATA[
+ <action id="org.freedesktop.udisks2.modify-device">
+ <description>Modify the disks settings</description>
+ <message>Authentication is required to modify the disks settings</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+ ]]></screen>
+ <p>Replace <code>no</code> by <code>auth_admin</code> if you want to
+ ensure only the root user is able to carry out the action.</p>
+ </item>
+ <item>
+ <p>Save the changes.</p>
+ </item>
+ </steps>
+
+ <p>When the user tries to change the disks settings, the following message is
+ presented:</p>
+ <code>Authentication is required to modify the disks settings</code>
+
+</page>
diff --git a/system-admin-guide/Makefile.am b/system-admin-guide/Makefile.am
index a492db7..b80a331 100644
--- a/system-admin-guide/Makefile.am
+++ b/system-admin-guide/Makefile.am
@@ -20,6 +20,7 @@ HELP_FILES = \
keyboard-layout.page \
legal.xml \
lockdown-command-line.page \
+ lockdown-repartioning.page \
login.page \
login-automatic.page \
login-banner.page \
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
