Fprintd and old policykit
On my Thinkpad X230 Tablet running Devuan GNU+Linux, I could see my fingerprint reader but my user did not have permission to enroll fingers. I would get this error:
$ fprintd-enroll --finger right-thumb
Using device /net/reactivated/Fprint/Device/0
Enrolling right-thumb finger.
EnrollStart failed: GDBus.Error:net.reactivated.Fprint.Error.PermissionDenied: Not Authorized: net.reactivated.fprint.device.enroll
Clearly the device is accessible to the root user.
$ sudo fprintd-enroll --finger right-thumb
Using device /net/reactivated/Fprint/Device/0
Enrolling right-thumb finger.
I am used to working with PolicyKit, so I whipped up a .rules file! This is file /usr/share/polkit-1/rules.d/80-fprintd.rules.
polkit.addRule(function(action, subject) {
if (action.id.indexOf("net.reactivated.fprint.") == 0 || action.id.indexOf("net.reactivated.Fprint.") == 0) {
polkit.log("action=" + action);
polkit.log("subject=" + subject);
return polkit.Result.YES;
}
});
Unfortunately, it didn't fix my problem! I recalled that Debian uses an older version of PolicyKit (technically the name of the old package, before it was rewritten or renamed to polkit). So I had to go learn how to write a .pkla file. This goes in file /etc/polkit-1/localuthority/20-org.d/fprintd.pkla
[Everyone fingerprints]
Identity=unix-group:*
Action=net.reactivated.fprint.device.*
ResultAny=yes
ResultInactive=no
ResultActive=yes
No daemon restarts are necessary. Just define this file with these contents, and now the fingerprint reader enrollment is available to all users!
Comments