PKLALOCKDOWN

Section: pklalockdown (1)
Updated: May 2009

NAME

pklalockdown - Configure lockdown for the Local Authority  

SYNOPSIS

pklalockdown [--version] [--help]
pklalockdown --lockdown action
pklalockdown --remove-lockdown action
 

DESCRIPTION

pklalockdown is used to configure lockdown for the Local Authority.

The effect of locking down an action is that administrator authentication is always needed in order for subjects to acquire the authorization for the action in question (and the subject has to be in an active session on a local console). The obtained authorization is temporary and as such typically expires five minutes after being obtained.

To lock down action use the --lockdown option. To remove a lockdown for action use the --remove-lockdown option.  

REQUIRED AUTHORIZATIONS

The org.freedesktop.policykit.localauthority.lockdown authorization is needed to add or remove lockdown. By default, this authorization requires administrator authentication and cannot be retained.  

IMPLEMENTATION DETAILS

Lockdown is implemented through .pkla files. Locked down actions supersede most other Local Authority configuration, as the .pkla files are placed in /var/lib/polkit-1/localauthority/90-mandatory.d.

Programs checking authorizations can check whether an action is locked down by checking the polkit.localauthority.lockdown key/value pair in the details of the authorization response.
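
The following audit sketch is an added example, not part of pklalockdown or polkit. It lists every action configured in a mandatory directory and marks the entries that carry the polkit.localauthority.lockdown key. Assumptions: the .pkla files use the key-file layout described in pklocalauthority(8) (Action= and ReturnValue= keys with semicolon-separated values), the lockdown entry sets that key through ReturnValue=, and the function names, file names and com.example action ids are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify entries in a Local Authority mandatory directory.
# Assumption: .pkla files follow the key-file layout of pklocalauthority(8).
MARKER='polkit.localauthority.lockdown'   # key named in IMPLEMENTATION DETAILS

# audit_mandatory DIR: print "ACTION<TAB>lockdown|other<TAB>FILE" for each action.
audit_mandatory() {
    for f in "$1"/*.pkla; do
        [ -f "$f" ] || continue
        awk -v marker="$MARKER" -v file="${f##*/}" '
            function emit(   i, n, a, kind) {
                if (actions == "") return
                kind = index(";" retval, ";" marker "=") ? "lockdown" : "other"
                n = split(actions, a, ";")      # Action= may list several ids
                for (i = 1; i <= n; i++)
                    if (a[i] != "") printf "%s\t%s\t%s\n", a[i], kind, file
                actions = ""; retval = ""
            }
            /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
            /^\[/                    { emit(); next }     # new group: flush previous
            /^Action[ \t]*=/         { actions = $0; sub(/^[^=]*=[ \t]*/, "", actions); next }
            /^ReturnValue[ \t]*=/    { retval = $0; sub(/^[^=]*=[ \t]*/, "", retval); next }
            END                      { emit() }
        ' "$f"
    done
}

# make_sample DIR: write two constructed .pkla files (not taken from a real system).
make_sample() {
    cat > "$1/10-lockdown.pkla" <<'EOF'
# constructed sample of a lockdown entry
[Lockdown]
Identity=unix-user:*
Action=com.example.backup.restore
ResultAny=no
ResultInactive=no
ResultActive=auth_admin_keep
ReturnValue=polkit.localauthority.lockdown=1
EOF
    cat > "$1/20-site.pkla" <<'EOF'
[Site policy]
Identity=unix-group:wheel
Action=com.example.net.configure;com.example.net.reset
ResultActive=yes
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_mandatory "$tmp" && rm -rf "$tmp"
```

Comparing the output of audit_mandatory between runs shows when a lockdown has been added or removed, and which mandatory entries were not written as lockdown entries.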

RETURN VALUE

On success pklalockdown returns 0. Otherwise a non-zero value is returned and a diagnostic message is printed on standard error.  

AUTHOR

Written by David Zeuthen <davidz@redhat.com> with a lot of help from many others.

BUGS

Please send bug reports to either the distribution or the polkit-devel mailing list, see the link http://lists.freedesktop.org/mailman/listinfo/polkit-devel on how to subscribe.

SEE ALSO

polkit(8), pkcheck(1), pklocalauthority(8)