'\" t
.\"     Title: pkla-admin-identities
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: May 2013
.\"    Manual: pkla-admin-identities
.\"    Source: polkit-pkla-compat
.\"  Language: English
.\"
.TH "PKLA\-ADMIN\-IDENTIT" "8" "May 2013" "polkit-pkla-compat" "pkla-admin-identities"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pkla-admin-identities \- List pklocalauthority\-configured polkit administrators
.SH "SYNOPSIS"
.HP \w'\fBpkla\-admin\-identities\fR\ 'u
\fBpkla\-admin\-identities\fR [\fB\-\-help\fR]
.HP \w'\fBpkla\-admin\-identities\fR\ 'u
\fBpkla\-admin\-identities\fR [\fB\-\-config\-path\fR\ \fIconfig\-path\fR]
.SH "DESCRIPTION"
.PP
\fBpkla\-admin\-identities\fR
interprets configuration files described below to determine which users
\fBpolkit\fR(8)
considers administrators, using a non\-JavaScript configuration file format described below\&.
.PP
\fINote:\fR
Determining which users are considered administrators is driven by JavaScript rules as described in
\fBpolkit\fR(8)\&.
\fBpkla\-admin\-identities\fR
is called by a JavaScript rule file named
49\-polkit\-pkla\-compat\&.rules; other JavaScript rules with a higher priority may exist, so the
\fBpkla\-admin\-identities\fR
configuration may not necessarily govern the final decision by
\fBpolkit\fR(8)\&.
.PP
The ordering of the JavaScript rule files and the ordering of
\fBpkla\-admin\-identities\fR
configuration files is not integrated and uses different rules; the
\fBpkla\-admin\-identities\fR
configuration evaluation is happens at a single point within the JavaScript rule evaluation order\&.
.PP
\fBpkla\-admin\-identities\fR
is an internal helper program of
pkla\-polkit\-compat\&. You shouldn\*(Aqt need to run it directly, except for debugging purposes\&.
.PP
Configuration is read from files with a
\&.conf
extension in the
/etc/polkit\-1/localauthority\&.conf\&.d
directory\&. All files are read in lexicographical order (using the C locale), meaning that later files can override earlier ones\&. The file
50\-localauthority\&.conf
contains the settings provided by the OS vendor\&. Users and 3rd party packages can drop configuration files with a priority higher than 60 to change the defaults\&. The configuration file format is simple\&. Each configuration file is a
\fIkey file\fR
(also commonly known as a
\fIini file\fR) with a single group called
[Configuration]\&. Only a single key,
AdminIdentities
is read\&. The value of this key is a semi\-colon separated list of identities that can be used when administrator authentication is required\&. Users are specified by prefixing the user name with
unix\-user:, groups of users are specified by prefixing with
unix\-group:, and netgroups of users are specified with
unix\-netgroup:\&. See
the section called \(lqEXAMPLE\(rq
for an example of a configuration file\&.
.PP
\fBpkla\-admin\-identities\fR
outputs the resulting configuration of administrator identities, one identity per line, using the same format (including e\&.g\&. the
unix\-user:
prefix)\&. If no administrator identities are configured in the above\-described configuration files, the output will be empty\&.
.SH "OPTIONS"
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Write a summary of the available options to standard output and exit successfully\&.
.RE
.PP
\fB\-c\fR, \fB\-\-config\-path\fR=\fIconfig\-path\fR
.RS 4
Search for configuration files in
\fIconfig\-path\fR
instead of the default
/etc/polkit\-1/localauthority\&.conf\&.d\&.
.RE
.SH "EXIT STATUS"
.PP
\fBpkla\-admin\-identities\fR
exits with 0 on success (even if there are no administrator identities), and a non\-zero status on error\&.
.SH "FILES"
.PP
/etc/polkit\-1/localauthority\&.conf\&.d
.RS 4
Default directory containing configuration files\&.
.RE
.SH "EXAMPLE"
.PP
The following
\&.conf
file
.sp
.if n \{\
.RS 4
.\}
.nf
[Configuration]
AdminIdentities=unix\-group:staff
    
.fi
.if n \{\
.RE
.\}
.PP
specifies that any user in the
staff
UNIX group can be used for authentication when administrator authentication is needed\&. This file would typically be installed in the
/etc/polkit\-1/localauthority\&.conf\&.d
directory and given the name
60\-desktop\-policy\&.conf
to ensure that it is evaluated after the
50\-localauthority\&.conf
file shipped with
pkla\-polkit\-compat\&. If the local administrator wants to override this (suppose
60\-desktop\-policy\&.conf
was shipped as part of the OS) he can simply create a file
99\-my\-admin\-configuration\&.conf
with the following content
.sp
.if n \{\
.RS 4
.\}
.nf
[Configuration]
AdminIdentities=unix\-user:lisa;unix\-user:marge
    
.fi
.if n \{\
.RE
.\}
.PP
to specify that only the users
lisa
and
marge
can authenticate when administrator authentication is needed\&.
.SH "AUTHOR"
.PP
Written by David Zeuthen
<davidz@redhat\&.com>
with a lot of help from many others\&. Adapted by Miloslav Trmač
<mitr@redhat\&.com>\&.
.SH "SEE ALSO"
.PP
\fBpolkit\fR(8)