I am using Ubuntu 16.04.
There is a file located at /usr/share/polkit-1/actions/org.freedesktop.login1.policy which seems to control the permissions regarding shutdown/suspend/hibernate options.
In this file, the revelant options are in this format:
<defaults> <allow_any>no</allow_any> <allow_inactive>auth_admin_keep</allow_inactive> <allow_active>yes</allow_active> </defaults>
corresponding to every action (shutdown, suspend etc.).
Here is the full version of that file.
I want to know the meaning of allow_any, allow_inactive and allow_active options.
What do they mean exactly ?
The reason for my curiosity is that I want to hibernate non-interactively without root (from cron), but am getting authorization errors.
And it seems that those errors can be solved by modifying this file.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
This link contains the information given by the other answer in a better way.
Especially this part:
The defaults tag is where the permissions or lack thereof are located.
It contains three settings:allow_any,allow_inactive, andallow_active.
Inactive sessions are generally remote sessions (SSH,
VNC, etc.) whereas active sessions are logged directly into the
machine on a TTY or an X display.
allow_anyis the setting encompassing both scenarios.For each of these settings the following options are available:
no: The user is not authorized to carry out the action. There is therefore no need for authentication. yes: The user is authorized to carry out the action without any authentication. auth_self: Authentication is required but the user need not be an administrative user. auth_admin: Authentication as an administrative user is require. auth_self_keep: The same as auth_self but, like sudo, the authorization lasts a few minutes. auth_admin_keep: The same as auth_admin but, like sudo, the authorization lasts a few minutes.
Also, here is the official manual page of polkit.
Hibernation can be made to be turned on from cron by changing the no to yes inside the allow_any tags under the actions org.freedesktop.login1.hibernate and org.freedesktop.login1.hibernate-multiple-sessions.
But this is not a recommended solution as it can be erased during future upgrades.
Instead you can make a file containing the following:
[Enable hibernate to be run via cron] Identity=unix-user:* Action=org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions ResultAny=yes
named com.0.enable-hibernation-from-cron.pkla in the directory /etc/polkit-1/localauthority/50-local.d/ to achieve the same effect.
An even better solution using visudo is given here.
Method 2
From section DECLARING ACTIONS of polkit – Authorization Framework:
defaults
This element is used to specify implicit authorizations for clients. Elements that can be used inside defaults includes: allow_any Implicit authorizations that apply to any client. Optional. allow_inactive Implicit authorizations that apply to clients in inactive sessions on local consoles. Optional. allow_active Implicit authorizations that apply to clients in active sessions on local consoles. Optional. Each of the allow_any, allow_inactive and allow_active elements can contain the following values: no Not authorized. yes Authorized. auth_self Authentication by the owner of the session that the client originates from is required. auth_admin Authentication by an administrative user is required. auth_self_keep Like auth_self but the authorization is kept for a brief period. auth_admin_keep Like auth_admin but the authorization is kept for a brief period.
I hope this makes it clear for you.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0