PolicyKit localauthority does not work

Asked by Scott Duckworth on 2011-07-28

I am trying to customize the PolicyKit rules to prevent anybody from suspending or hibernating an Ubuntu 10.04 system. According to http://manpages.ubuntu.com/manpages/lucid/en/man8/pklocalauthority.8.html, I have created /etc/polkit-1/localauthority/30-site.d/50-stuff.pkla:
---
[Disable suspend]
Action=org.freedesktop.upower.suspend
ResultAny=no
ResultActive=no
ResultInctive=no

[Disable hibernate]
Action=org.freedesktop.upower.hibernate
ResultAny=no
ResultActive=no
ResultInctive=no
---

Even after rebooting the system, it is still possible to suspend or hibernate the system as any user. Why are my settings not taking effect?

Additionally, there seem to be two implementations of PolicyKit on Ubuntu 10.04: policykit-1 (which was installed by default) and policykit (which was not installed by default). I have also found conflicting sets of documentation at http://hal.freedesktop.org/docs/PolicyKit/ and http://hal.freedesktop.org/docs/polkit/. I installed policykit, which uses a different configuration file, to no avail. (See also: http://serverfault.com/questions/294367/policykit-vs-polkit).

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu policykit-1 Edit question
Assignee:
No assignee Edit question
Solved by:
Scott Duckworth
Solved:
2011-07-28
Last query:
2011-07-28
Last reply:

A co-worker of mine found the solution. I had left out the Identity specifier. Changing the file to the following resolved the problem:
---
[Disable suspend]
Identity=unix-user:*
Action=org.freedesktop.upower.suspend
ResultAny=no
ResultActive=no
ResultInctive=no

[Disable hibernate]
Identity=unix-user:*
Action=org.freedesktop.upower.hibernate
ResultAny=no
ResultActive=no
ResultInctive=no
---