View previous topic :: View next topic |
Author |
Message |
ppurka Advocate
Joined: 26 Dec 2004 Posts: 3256
|
Posted: Mon May 07, 2012 5:30 pm Post subject: How can I mount CD as user using udisks? |
|
|
Just look at this: Code: | ~» pkexec udisks --mount /dev/cdrom3
Mounted /org/freedesktop/UDisks/devices/sr0 at /media/My Disc
~» cd /media/My\ Disc
cd: permission denied: /media/My Disc
~ [1] » pkexec udisks --unmount /dev/cdrom3
~» pkexec udisks --mount /dev/cdrom3 --mount-options uid=$UID
Mount failed: Mount option uid=500 is not allowed
~» pkexec udisks --mount /dev/cdrom3 --mount-options umask=0000
Mount failed: Mount option umask=0000 is not allowed
| Essentially, nothing works and udisks is quite broken. So, how am I supposed to mount a cd drive as user?
As for why udisks is broken, it needs a completely different incantation depending on the type of device being mounted and depending on the type of the filesystem on the device. fat filesystems require the "umask=0000" option (about a year earlier uid=$UID used to work), and ext3/2 filesystems don't need any magic incantations/options. ntfs is *thankfully* nicely handled by ntfs-3g. And now I am stuck with unmountable CDs. _________________ emerge --quiet redefined | E17 vids: I, II | Now using kde5 | e is unstable :-/ |
|
Back to top |
|
|
SamuliSuominen Retired Dev
Joined: 30 Sep 2005 Posts: 2133 Location: Finland
|
Posted: Tue May 08, 2012 7:59 am Post subject: |
|
|
You shouldn't be using `pkexec` at all with `udisks` as UDisks has native PolicyKit support, so simple:
$ udisks --mount /dev/cdrom3
And you are done. If this is not working by "Not authorized." message, even then `pkexec`is not the solution but getting your user recognized as a local user by ConsoleKit or writing .pkla file for UDisks is.
See, https://forums.gentoo.org/viewtopic-t-858965-start-0.html
Last edited by SamuliSuominen on Wed Apr 17, 2013 4:38 pm; edited 1 time in total |
|
Back to top |
|
|
ppurka Advocate
Joined: 26 Dec 2004 Posts: 3256
|
|
Back to top |
|
|
SamuliSuominen Retired Dev
Joined: 30 Sep 2005 Posts: 2133 Location: Finland
|
|
Back to top |
|
|
ppurka Advocate
Joined: 26 Dec 2004 Posts: 3256
|
Posted: Tue May 08, 2012 4:03 pm Post subject: |
|
|
ssuominen wrote: |
Example of how one would use UDisks, but not with pkexec or other superuser tool, getting permissions from PolicyKit directly:
Edit this for your username or a certain group you belong to, then try with plain "udisks --mount /dev/cdrom3".
Source: $ man 8 pklocalauthority
/etc/polkit-1/localauthority/50-local.d/10-org.freedesktop.udisks.pkla
Code: |
# Can be also unix-user:username and the separator for adding multiple in same line is char ;
#
# ResultAny and ResultInactive are forcing them to be enabled despite if
# ConsoleKit is with `ck-list-sessions` command saying "active =" TRUE or FALSE.
[Full permissions for UDisks ver. 1]
Identity=unix-group:wheel
Action=org.freedesktop.udisks.*
ResultAny=yes
ResultInactive=yes
ResultActive=yes
|
Everything you have possible edited before in /usr/share/polkit* and related should be propably the way they got shipped. All configuration is done in /etc. |
Ok. Perhaps I wasn't clear in the other thread. This is the sequence of events:
1. In the very beginning hal + ivman + pmont used to "just work" by configuring only two files in ~/.ivman
2. With all the polkit and consolekit and udisks, this changed. So after reading many posts, I found that the configuration here worked: https://forums.gentoo.org/viewtopic-p-6551751.html#6551751
3. Sometime last October/November this broke so again after a lot of reading I created this:
Code: | ~» cat /etc/polkit-1/localauthority/50-local.d/99-udisks-mount.pkla
# Action=org.freedesktop.udisks.*
[Allow to mount and unmount disks]
Identity=unix-group:wheel
Action=org.freedesktop.udisks.filesystem-mount,org.freedesktop.udisks.drive-eject
ResultAny=yes
ResultInactive=yes
ResultActive=yes
|
This worked on the command line, but doesn't work for scripts called as user and from root. The post https://forums.gentoo.org/viewtopic-p-6864136.html#6864136 shows how I was able to get this to somehow work again. Apparently, I haven't needed to mount data CDs since then and so I didn't realize that it doesn't work in all cases.
At this point, I am just frustrated at the current state of affairs with udisks. It is very hard to get any good or relevant documentation for end-users. On top of that, whatever configuration works today is not guaranteed to work a couple of months from now. My primary requirements are:
1. Mount as user.
2. The mounted medium should be accessible (read and write) by user.
3. The mounting may sometimes be done by root after su-ing to user.
What is most counterintuitive is that it is often possible to mount the device as user, and then the user is unable to access the contents. What good does that do? Why allow the user to mount it when the user can't access it? It seems so fundamentally flawed.
EDIT: Just to be double clear - I know that editing /usr/share/polkit... files will work. I want to avoid that. That was the main concern why I had opened the earlier thread. If I was happy with editing /usr/share files, I wouldn't be creating so many forum posts. Till now, I haven't obtained any concrete and clear instructions from anywhere which works. I am not blaming you or anyone else (other than whoever wrote this polkit <--> udisks mess).
EDIT2: My base system is all stable arch (except for portage-2.2). I have a very few packages keyworded and they are almost all end-user packages: Code: | ~» cat /etc/portage/package.keywords/package.keywords
=app-vim/tagbar-2.2
=dev-cpp/gmock-1.5.0 ~amd64
=kde-misc/basket-1.9999 **
=media-gfx/gimp-2.7.3-r1 **
=media-libs/chromaprint-0.6 ~amd64
=media-sound/split2flac-0.1_pre20111110-r2
=media-video/nvidia-settings-290.10 ~amd64
=sys-apps/portage-2.2* **
=sys-kernel/gentoo-sources-3.3.2
=x11-plugins/e_modules-xkbswitch-9999 **
net-im/skype
www-plugins/google-talkplugin
x11-plugins/e_modules-comp-scale **
x11-plugins/e_modules-e-tiling **
x11-plugins/e_modules-engage **
x11-plugins/e_modules-everything-places **
~app-admin/eselect-opencl-1.1.0
~app-misc/klavaro-1.9.3
~app-text/pdfshuffler-0.5.1-r1
~dev-python/python-poppler-0.12.1
~gnome-extra/nm-applet-0.9.2.0
~media-libs/mlt-0.7.8
~media-sound/clementine-1.0.1-r1 ~amd64
~media-video/libav-0.8.1
~net-misc/networkmanager-0.9.2.0
~net-misc/ntpclient-2007.365
~sys-kernel/linux-headers-3.3
~x11-libs/gtkdatabox-0.9.1.1
|
_________________ emerge --quiet redefined | E17 vids: I, II | Now using kde5 | e is unstable :-/ |
|
Back to top |
|
|
lkraav Tux's lil' helper
Joined: 13 Oct 2004 Posts: 129 Location: Estonia
|
Posted: Wed Apr 17, 2013 6:50 am Post subject: |
|
|
"man 8 pklocalauthority" doesn't exist anymore in polkit-0.110. What's the latest on this? |
|
Back to top |
|
|
ppurka Advocate
Joined: 26 Dec 2004 Posts: 3256
|
Posted: Wed Apr 17, 2013 6:55 am Post subject: |
|
|
lkraav wrote: | "man 8 pklocalauthority" doesn't exist anymore in polkit-0.110. What's the latest on this? | Latest is ... completely remove udisks. It's a pain in the neck.
I have shifted to using udevil. It has just one configuration file and you can set all the permissions and mount options there. After that it "just works". No more fiddling around with stupid polkit configurations. _________________ emerge --quiet redefined | E17 vids: I, II | Now using kde5 | e is unstable :-/ |
|
Back to top |
|
|
lkraav Tux's lil' helper
Joined: 13 Oct 2004 Posts: 129 Location: Estonia
|
|
Back to top |
|
|
ppurka Advocate
Joined: 26 Dec 2004 Posts: 3256
|
Posted: Wed Apr 17, 2013 8:25 am Post subject: |
|
|
Fact is - it doesn't matter. polkit+consolekit combo is quite broken and more than often doesn't work for me. And then something or the other changes in these packages which needs me to dig around and get them working again.
I have made sure that I don't depend on them as much as possible. Thanks to udevil, I have been able to get away from *kits for mounting. Only thing left is nm-applet (which doesn't save the system configuration for me). Unfortunately, there is no easy to use connection manager in Linux other than the nm-applet and networkmanager combo. _________________ emerge --quiet redefined | E17 vids: I, II | Now using kde5 | e is unstable :-/ |
|
Back to top |
|
|
lkraav Tux's lil' helper
Joined: 13 Oct 2004 Posts: 129 Location: Estonia
|
Posted: Wed Apr 17, 2013 8:35 am Post subject: |
|
|
Yeah I believe you. ITMW I did get together a polkit rule that I needed for inactive session mounting:
Code: | polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.udisks.filesystem-mount") && subject.isInGroup("disk")) {
return polkit.Result.YES;
}
}); |
It looks like I wasn't hitting udisks2 rules at all because I have both udisks:0 and udisks:2 installed:
Code: | $ equery d udisks
* These packages depend on udisks:
app-emulation/wine-1.5.19 (udisks ? sys-fs/udisks:2)
app-text/calibre-0.9.6 (sys-fs/udisks:2)
(sys-fs/udisks:0)
gnome-base/gvfs-1.14.2 (udisks ? >=sys-fs/udisks-1.97:2)
media-tv/xbmc-12.1 (udev ? sys-fs/udisks:0)
sys-fs/bashmount-1.6.2 (sys-fs/udisks:0)
|
Then I found out how to use a few log statements to find out what rules is queried when I run udisks.
http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html
Now all is good. |
|
Back to top |
|
|
SamuliSuominen Retired Dev
Joined: 30 Sep 2005 Posts: 2133 Location: Finland
|
|
Back to top |
|
|
|