Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
How do I make proper udisks setting in /etc/polkit-1?[S + W]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
ppurka
Advocate
Advocate


Joined: 26 Dec 2004
Posts: 3256

PostPosted: Sun Nov 06, 2011 3:03 am    Post subject: How do I make proper udisks setting in /etc/polkit-1?[S + W] Reply with quote

[S + W] == [Solved + Workaround] (in the thread title. Had no space left to write it fully)

I have the following problem which I have hacked around till now by editing /usr/share/polkit-1/actions/org.freedesktop.udisks.policy. I have a script udev_data which is hooked up to udev via a rules.d file:
Code:
SUBSYSTEM=="block", ACTION=="add", SUBSYSTEMS=="usb", ENV{ID_FS_USAGE}=="filesystem", RUN+="/usr/local/bin/udev_data"
SUBSYSTEM=="block", ACTION=="add", SUBSYSTEMS=="mmc", ENV{ID_FS_USAGE}=="filesystem", RUN+="/usr/local/bin/udev_data"
The aim of the script udev_data is to prompt me with a graphical dialog whenever a usb device is plugged in and only on confirmation, it mounts the drive. To make this possible, I have the following file in /etc/polkit-1 which is supposed to override the /usr/share/polkit-1 file (it does override when I am logged in and run udisks --mount from a terminal)
Code:
~> cat /etc/polkit-1/localauthority//50-local.d/99-udisks-mount.pkla
# Action=org.freedesktop.udisks.*
[Allow to mount and unmount disks]
Identity=unix-group:wheel
Action=org.freedesktop.udisks.filesystem-mount,org.freedesktop.udisks.drive-eject
ResultAny=yes
ResultInactive=yes
ResultActive=yes

I can mount using udisks from command line but not from udev_data. A simple version of udev_data is given below and it shows what is wrong:
Code:
#!/bin/bash -x
exec &>> /tmp/udev.log
X_USER="username"
export DISPLAY=:0.0
export X_USER=$X_USER
export LC_ALL="en_US.UTF-8"
export BROWSER="/usr/local/bin/firox"
export PATH="/usr/local/bin:${PATH}"

#exec su $X_USER -c "ck-launch-session dbus-launch --exit-with-session udisks --mount $DEVNAME" &
exec su $X_USER -c "udisks --mount $DEVNAME" &
exit 0
It doesn't matter which of the "exec su" lines I run; the result is the same: "Mount failed: Not Authorized".


The workaround I currently have is to edit /usr/share/polkit-1/actions/org.freedesktop.udisks.policy and change allow_any and allow_inactive to yes:
Code:
  <action id="org.freedesktop.udisks.filesystem-mount">
    <description>Mount a device</description>
    <message>Authentication is required to mount the device</message>
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>


Obviously, this is not how it should be done, and so I ask the *kit gurus: what is the proper way to do this? According to pklocalauthority( 8 ) manpage, files in /etc/polkit-1 should override the files defined elsewhere. Why is this not taking effect?

NB: All the 100s of scripts designed to automount disks as soon as they are plugged in is not what I want. What I want is graphical prompts to the user, and the external drives mounted as the user.
_________________
emerge --quiet redefined | E17 vids: I, II | Now using kde5 | e is unstable :-/


Last edited by ppurka on Sun Nov 06, 2011 10:16 am; edited 1 time in total
Back to top
View user's profile Send private message
SamuliSuominen
Retired Dev
Retired Dev


Joined: 30 Sep 2005
Posts: 2133
Location: Finland

PostPosted: Sun Nov 06, 2011 8:44 am    Post subject: Reply with quote

Take a look at 'sys-fs/bashmount'

And as for running as another user, you want `pkexec` instead of `su`

man pkexec
Back to top
View user's profile Send private message
ppurka
Advocate
Advocate


Joined: 26 Dec 2004
Posts: 3256

PostPosted: Sun Nov 06, 2011 10:08 am    Post subject: Reply with quote

Hi ssuominen,
pkexec has helped. It, however, seems to behave weirdly if I insert vfat drives. I had to modify my mount options from "--mount-options uid=500" to "--mount-options umask=0000". If I don't do that, then I get into the error I describe below. On the other hand, "uid=500" works nicely from terminal, so I don't even know why it behaves differently with pkexec.

Thanks.


[Still keeping the following text, although I have found a nasty workaround]

Thanks pkexec has helped to some extent. Now, I can mount some (ext2) drives. The following problem still remains:

I can not mount a vfat drive as user (using --mount-options uid=500). It works from the terminal, but doesn't work from the script. I get the following error:
Mount failed: Mount option uid=500 is not allowed
If I do not provide that option, then the result is that the drive is mounted as root/root and I am unable to browse its contents.

I have created /usr/share/polkit-1/actions/org.freedesktop.policykit.udev_data.policy:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>

  <vendor>Examples for the PolicyKit Project</vendor>
  <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>

  <action id="org.freedesktop.policykit.udev_data">
    <description>Run the PolicyKit example program Frobnicate</description>
    <message>Authentication is required to run the PolicyKit example program Frobnicate (user=$(user), program=$(program), command_line=$(command_line))</message>
    <icon_name>audio-x-generic</icon_name>
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/udisks</annotate>
  </action>

</policyconfig>

_________________
emerge --quiet redefined | E17 vids: I, II | Now using kde5 | e is unstable :-/
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum