Explanation of file - org.freedesktop.login1.policy

This link contains the information given by the other answer in a better way.

Especially this part:

The defaults tag is where the permissions or lack thereof are located.
It contains three settings: allow_any, allow_inactive, and allow_active.
Inactive sessions are generally remote sessions (SSH, VNC, etc.) whereas active sessions are logged directly into the machine on a TTY or an X display.
allow_any is the setting encompassing both scenarios.

For each of these settings the following options are available:

no: The user is not authorized to carry out the action. There is therefore no need for authentication.
yes: The user is authorized to carry out the action without any authentication.
auth_self: Authentication is required but the user need not be an administrative user.
auth_admin: Authentication as an administrative user is require.
auth_self_keep: The same as auth_self but, like sudo, the authorization lasts a few minutes.
auth_admin_keep: The same as auth_admin but, like sudo, the authorization lasts a few minutes.

Also, here is the official manual page of polkit.

Hibernation can be made to be turned on from cron by changing the no to yes inside the allow_any tags under the actions org.freedesktop.login1.hibernate and org.freedesktop.login1.hibernate-multiple-sessions.

But this is not a recommended solution as it can be erased during future upgrades.

Instead you can make a file containing the following: 

[Enable hibernate to be run via cron]
Identity=unix-user:*
Action=org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
ResultAny=yes

named com.0.enable-hibernation-from-cron.pkla in the directory /etc/polkit-1/localauthority/50-local.d/ to achieve the same effect.

An even better solution using visudo is given here.


From section DECLARING ACTIONS of polkit - Authorization Framework:

defaults

       This element is used to specify implicit authorizations for
       clients.

       Elements that can be used inside defaults includes:

       allow_any
           Implicit authorizations that apply to any client. Optional.

       allow_inactive
           Implicit authorizations that apply to clients in inactive
           sessions on local consoles. Optional.

       allow_active
           Implicit authorizations that apply to clients in active
           sessions on local consoles. Optional.

       Each of the allow_any, allow_inactive and allow_active elements can
       contain the following values:

       no
           Not authorized.

       yes
           Authorized.

       auth_self
           Authentication by the owner of the session that the client
           originates from is required.

       auth_admin
           Authentication by an administrative user is required.

       auth_self_keep
           Like auth_self but the authorization is kept for a brief
           period.

       auth_admin_keep
           Like auth_admin but the authorization is kept for a brief
           period.

I hope this makes it clear for you.

Tags:

Authorization

Shutdown

Power Management

Systemd

Polkit

Recent Posts