Use the same PolicyKit rules for 'active', 'inactive' and 'any' sessions

There's no real point in preventing inactive users from editing system
configuration. Usually, users are clearly active since the backends
are not used by scripts, but there's no reason scripts should be forbidden.

The main interest though is that remote desktop sessions that are not
detected as active by ConsoleKit will work as local sessions, thus
fixing or working around bugs like
https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/221363

1 files changed, 4 insertions, 2 deletions

diff --git a/org.freedesktop.SystemToolsBackends.policy.in b/org.freedesktop.SystemToolsBackends.policy.in
index 8d64c97..6a4c0fb 100644
--- a/org.freedesktop.SystemToolsBackends.policy.in
+++ b/org.freedesktop.SystemToolsBackends.policy.in
@@ -11,7 +11,8 @@
     <_description>Manage system configuration</_description>
     <_message>You need to authenticate to modify the system configuration</_message>
     <defaults>
-      <allow_inactive>no</allow_inactive>
+      <allow_any>auth_admin_keep</allow_any>
+      <allow_inactive>auth_admin_keep</allow_inactive>
       <allow_active>auth_admin_keep</allow_active>
     </defaults>
   </action>
@@ -20,7 +21,8 @@
     <_description>Change the user's own account configuration</_description>
     <_message>You need to authenticate to modify your user account information</_message>
     <defaults>
-      <allow_inactive>no</allow_inactive>
+      <allow_any>yes</allow_any>
+      <allow_inactive>yes</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>