chanakam2000 Tux's lil' helper
Joined: 14 Sep 2006 Posts: 76
Posted: Tue Dec 11, 2007 10:31 am Post subject: security policy prevents usb automounting
Hi all,
Sorry for the long post. I want you to know it clearly.
We are using Gentoo & the Xfce4 X window system.
Our global USE flags are as follows.
Code: | USE="jpeg png truetypes -gnome -kde -qt3 -qt4 X dbus hal startup-notification -ipv6 xcomposite" |
& /etc/portage/package.use here
Code: | xfce-base/xfce4 minimal |
We have installed
Quote: |
xfce-extra/thunar-volman
Latest version available: 0.2.0
Latest version installed: 0.2.0 |
result for rc-update show here
Code: |
l29 ~ # rc-update show
bootmisc | boot
checkfs | boot
checkroot | boot
clock | boot
consolefont | boot
hald | default
hostname | boot
keymaps | boot
local | default nonetwork
localmount | boot
modules | boot
net.eth0 | default
net.lo | boot
netmount | default
portmap | default
rmnologin | boot
sshd | default
syslog-ng | default
urandom | boot
vixie-cron | default |
When I log in as root & plug in a USB drive, it mounts automatically & displays an icon on the desktop.
So the USB device is easily accessible. It is fine.
So I want similar behaviour for normal users (who are not root).
I went through some forum posts and found that editing /etc/group & adding normal users to certain groups will help with this issue.
So now my /etc/group is here
Code: | root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
tty::5:
disk::6:root,adm,haldaemon
lp::7:lp
mem::8:
kmem::9:
wheel::10:root
floppy::11:root,haldaemon
mail::12:mail
news::13:news
uucp::14:uucp
man::15:man
console::17:
audio::18:
cdrom:!:19:haldaemon,chanaka
dialout::20:root
tape::26:root
video::27:root
cdrw:!:80:haldaemon,chanaka
usb:!:85:haldaemon,chanaka
users::100:games
nofiles:x:200:
smmsp:x:209:smmsp
portage::250:portage
utmp:x:406:
nogroup::65533:
nobody::65534:
ldap:x:439:
sshd:x:22:
cron:x:16:
crontab:x:440:
messagebus:x:441:
lpadmin:x:106:
haldaemon:x:442:haldaemon
plugdev:!:443:haldaemon,chanaka
rpc:x:111: |
Now, apart from root, the user named chanaka can use USB drives (automount when plugged in & icon on the desktop).
But other users can't.
But here my problem is that we want this setup in a general lab. There are about 300 users and 50 machines,
and the number of users & their user names are changing from time to time.
So is there any easy way to overcome this? (Rather than adding each individual user to certain groups.)
And another thing is that all 300 users are LDAP users & they are in a few groups named teachers, first_year_students etc.
Can you please give me some fancy ideas to solve this problem?
Thank you.
Sorry for the long post.
Last edited by chanakam2000 on Tue Dec 11, 2007 1:42 pm; edited 1 time in total
JeliJami Veteran
Joined: 17 Jan 2006 Posts: 1086 Location: Belgium
Posted: Tue Dec 11, 2007 11:58 am Post subject: Re: USB drive mount problem
chanakam2000 wrote: |
But here my problem is that we want this setup in a general lab. There are about 300 users and 50 machines,
and the number of users & their user names are changing from time to time.
So is there any easy way to overcome this? (Rather than adding each individual user to certain groups.)
And another thing is that all 300 users are LDAP users & they are in a few groups named teachers, first_year_students etc.
|
Use pam authentication with ldap?
Former username: davjel
chanakam2000 Tux's lil' helper
Joined: 14 Sep 2006 Posts: 76
Posted: Tue Dec 11, 2007 12:16 pm Post subject: Re: USB drive mount problem
davjel wrote: | chanakam2000 wrote: |
But here my problem is that we want this setup in a general lab. There are about 300 users and 50 machines,
and the number of users & their user names are changing from time to time.
So is there any easy way to overcome this? (Rather than adding each individual user to certain groups.)
And another thing is that all 300 users are LDAP users & they are in a few groups named teachers, first_year_students etc.
|
Use pam authentication with ldap? |
Yes, we are using pam authentication with LDAP.
Thanks
chanakam2000 Tux's lil' helper
Joined: 14 Sep 2006 Posts: 76
Posted: Tue Dec 11, 2007 12:41 pm Post subject:
I missed one thing:
when a non-root user is logged on, the USB device icon is displayed on the desktop.
But when I try to access it, it gives the following error message.
Code: | Failed to mount "KINGSTON"
A security policy in place prevents this sender from sending this message to this
recipient. see message bus configuration file. (rejected message had interface
"org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unset)" destination
"org.freedesktop.Hal")
|
Sorry, I can't understand this message. What is the bus configuration file?
How to correct it?
JeliJami Veteran
Joined: 17 Jan 2006 Posts: 1086 Location: Belgium
Posted: Tue Dec 11, 2007 1:31 pm Post subject:
chanakam2000 wrote: | I missed one thing:
when a non-root user is logged on, the USB device icon is displayed on the desktop.
But when I try to access it, it gives the following error message.
Code: | Failed to mount "KINGSTON"
A security policy in place prevents this sender from sending this message to this
recipient. see message bus configuration file. (rejected message had interface
"org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unset)" destination
"org.freedesktop.Hal")
|
Sorry, I can't understand this message. What is the bus configuration file?
How to correct it? |
Sorry I can't help you any further.
Maybe it's time to change the topic title from USB drive mount problem to something like security policy prevents usb automounting. That may attract people that know about this.
Good luck!
skyPhyr Apprentice
Joined: 17 Sep 2004 Posts: 159 Location: London, UK
Posted: Mon Feb 11, 2008 1:38 pm Post subject:
Hi chanakam,
I hit the same issue here, and found your post. Good news is
it got me thinking and it relates to an issue I've hit before. I
have a similar setup to you, but with kerberos authentication
with ldap, rather than ldap authentication.
Pam authentication stops at the local version of a group if it
exists (so I had to remove wheel from /etc/group in order to
have the wheel on my ldap server checked). So I thought it
may be hitting a similar issue with the plugdev group.
It seems removing plugdev from /etc/group got me sorted,
but then I had a tonne of ldap not found messages when
udev started. So I had to remove rules (in my case all the
libgphoto rules) to get rid of these messages on boot.
Perhaps you know of another way to get udev to ignore
groups which are missing on boot, but anyway hopefully this
will resolve your issue too.
Cheers,
Alan.
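
Added example, not part of any post above: a check for the collision skyPhyr describes, where a group name such as plugdev is defined both in /etc/group and in LDAP. It compares two group(5)-format listings and reports, for each colliding name, the users listed only in the directory copy; the sample LDAP entries, the user names and GIDs 5001/5002 are constructed.

```shell
#!/bin/sh
# shadowed_groups LOCAL_FILE DIRECTORY_FILE
# Both inputs use group(5) format: name:passwd:gid:member1,member2
# Prints one line per group name defined in BOTH sources:
#   name local_gid directory_gid users_only_in_directory   ("-" if none)
shadowed_groups() {
    awk -F: '
        /^#/ || NF < 3 { next }                 # skip comments and junk
        # First file: remember every locally defined group.
        FILENAME == ARGV[1] { gid[$1] = $3; members[$1] = "," $4 ","; next }
        # Second file: report names that are also defined locally.
        $1 in gid {
            n = split($4, m, ",")
            missing = ""
            for (i = 1; i <= n; i++)
                if (m[i] != "" && index(members[$1], "," m[i] ",") == 0)
                    missing = missing (missing == "" ? "" : ",") m[i]
            print $1, gid[$1], $3, (missing == "" ? "-" : missing)
        }
    ' "$1" "$2"
}

# Constructed sample data: three local entries taken from the /etc/group in
# the first post, and a hypothetical LDAP export that also defines plugdev.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/local" <<'EOF'
wheel::10:root
plugdev:!:443:haldaemon,chanaka
haldaemon:x:442:haldaemon
EOF
    cat > "$tmp/ldap" <<'EOF'
teachers:x:5001:teacher1
first_year_students:x:5002:student1,student2
plugdev:x:443:chanaka,student1,student2,teacher1
EOF
    shadowed_groups "$tmp/local" "$tmp/ldap"
    rm -rf "$tmp"
}

demo
```

On a live host the two inputs could come from `getent -s files group` and `getent -s ldap group`; the `ldap` service name assumes an nss_ldap setup like the one in this thread.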