data: Fix desktop-centric polkit policy

Change the polkit policy so accountsservice allows use of the
DBus API by admin users that are not logged in via a monitor+keyboard.
This includes users logged in via ssh or Cockpit.

https://bugs.freedesktop.org/show_bug.cgi?id=78279

1 files changed, 6 insertions, 6 deletions

diff --git a/data/org.freedesktop.accounts.policy.in b/data/org.freedesktop.accounts.policy.in
index 0a2cd15..1c97c3a 100644
--- a/data/org.freedesktop.accounts.policy.in
+++ b/data/org.freedesktop.accounts.policy.in
@@ -11,8 +11,8 @@
     <_description>Change your own user data</_description>
     <_message>Authentication is required to change your own user data</_message>
     <defaults>
-      <allow_any>no</allow_any>
-      <allow_inactive>no</allow_inactive>
+      <allow_any>auth_self</allow_any>
+      <allow_inactive>auth_self</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
@@ -21,8 +21,8 @@
     <_description>Manage user accounts</_description>
     <_message>Authentication is required to change user data</_message>
     <defaults>
-      <allow_any>no</allow_any>
-      <allow_inactive>no</allow_inactive>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
       <allow_active>auth_admin_keep</allow_active>
     </defaults>
   </action>
@@ -31,8 +31,8 @@
     <_description>Change the login screen configuration</_description>
     <_message>Authentication is required to change the login screen configuration</_message>
     <defaults>
-      <allow_any>no</allow_any>
-      <allow_inactive>no</allow_inactive>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
       <allow_active>auth_admin_keep</allow_active>
     </defaults>
     <annotate key="org.gnome.gconf.defaults.set-mandatory.prefix">/apps/gdm/simple-greeter</annotate>