| View previous topic :: View next topic |
| Author |
Message |
albright
Advocate
Joined: 16 Nov 2003
Posts: 2588
Location: Near Toronto
|
 Posted: Sat Feb 09, 2013 1:27 pm Post subject: |
 |
|
++ on this
I notice that the "remember authorization" option in the
authorization dialogue does (as all too usual) *nothing*
update: for me, a simple fix: in /usr/share/polkit-1/actions
I edited the file: org.freedesktop.udisks2.policy
In the "mount a filesystem" section (first section in file)
I replaced:
| Code: | | <allow_inactive>auth_admin</allow_inactive> |
with
| Code: | | <allow_inactive>yes</allow_inactive> |
I need this because I do not use kdm.
Now I can mount usb sticks with authorization dialogue popping up
Perhaps this will help or provide some clue to what is going on ...
_________________
.... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme) |
|
| Back to top |
|
 |
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5929
|
| Posted: Sat Feb 09, 2013 3:36 pm Post subject: |
|
|
if this still gives up a popup dialog, than it is not good enough for me.
don't know why the f*** someone in kde thinks that all my family needs to know the root passwd of the system to mount a f****** usb msd.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
kite14
Apprentice
Joined: 07 Nov 2006
Posts: 216
Location: Italy
|
| Posted: Sat Feb 09, 2013 4:34 pm Post subject: |
|
|
Hi,
I upgraded to KDE 4.10 as well, but apart from the problems with plasma and systemtray (see this thread and this one ) I have no issues with mounting USB flash drive: I just plug my device and the notification widget pops up to let me choose what action to perform (usually "open with file manager" or other content-dependent actions), all this as a normal user, without password request..
No need to change settings or tweak polkit configuration files.
And I think we have the same udisks and udev version:
| Code: | sys-fs/udev-197-r4
sys-fs/udisks-1.0.4-r4 and sys-fs/udisks-2.0.91 (slotted) |
|
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5929
|
| Posted: Sat Feb 09, 2013 4:43 pm Post subject: |
|
|
same versions here.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
albright
Advocate
Joined: 16 Nov 2003
Posts: 2588
Location: Near Toronto
|
| Posted: Sat Feb 09, 2013 6:38 pm Post subject: |
|
|
| Quote: | | Now I can mount usb sticks with authorization dialogue popping up |
sorry for the confusion above; I mean to write "without authorization..."
_________________
.... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme) |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5929
|
| Posted: Sat Feb 09, 2013 7:01 pm Post subject: |
|
|
| albright wrote: | | Quote: | | Now I can mount usb sticks with authorization dialogue popping up |
sorry for the confusion above; I mean to write "without authorization..." |
will check, thanks
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
SamuliSuominen
Retired Dev
Joined: 30 Sep 2005
Posts: 2133
Location: Finland
|
| Posted: Sat Feb 09, 2013 8:20 pm Post subject: |
|
|
Does `ck-list-sessions` when ran as normal user from X11 Terminal (like Konsole) and shell print anything like this?
| Quote: |
Session2:
unix-user = '1000'
realname = '(null)'
seat = 'Seat1'
session-type = ''
active = TRUE <- MUST BE TRUE!
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = '/dev/tty1'
remote-host-name = ''
is-local = TRUE <- MUST BE TRUE!
on-since = '2013-02-07T12:20:56.982495Z'
login-session-id = '1'
|
If those are not TRUE, then you should propably read first post of https://forums.gentoo.org/viewtopic-t-858965-start-0.html
It's mostly up to date, anyway. |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5929
|
| Posted: Mon Feb 11, 2013 6:05 pm Post subject: |
|
|
| ssuominen wrote: | Does `ck-list-sessions` when ran as normal user from X11 Terminal (like Konsole) and shell print anything like this?
| Quote: |
Session2:
unix-user = '1000'
realname = '(null)'
seat = 'Seat1'
session-type = ''
active = TRUE <- MUST BE TRUE!
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = '/dev/tty1'
remote-host-name = ''
is-local = TRUE <- MUST BE TRUE!
on-since = '2013-02-07T12:20:56.982495Z'
login-session-id = '1'
|
If those are not TRUE, then you should propably read first post of https://forums.gentoo.org/viewtopic-t-858965-start-0.html
It's mostly up to date, anyway. |
it is false here, following the post give me this:
| Code: |
dagg@NCC-5001-D ~ $ Su USE=gdu emerge -atv gnome-base/gvfs
Password:
These are the packages that would be merged, in reverse order:
Calculating dependencies... done!
[ebuild N ~] gnome-base/gvfs-1.14.2 USE="cdda gdu gphoto2 gtk samba udev udisks -afp -archive -avahi -bluetooth -bluray -doc -fuse -gnome-keyring -http -ios -systemd" 1,434 kB
[ebuild N ] gnome-base/libgdu-3.0.2 USE="-avahi -doc -gnome-keyring" 1,956 kB
[ebuild N #] gnome-base/gnome-common-3.6.0:3 141 kB
[ebuild N ~] dev-libs/libcdio-paranoia-0.90 USE="cxx -static-libs {-test}" 0 kB
|
which is a no in my part, I see no logical answer to the question "why solving this issue on kde requires installing gnome-common?"
albright's suggestion works but I get the same dialog when I try to unmount.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
SamuliSuominen
Retired Dev
Joined: 30 Sep 2005
Posts: 2133
Location: Finland
|
| Posted: Mon Feb 11, 2013 6:34 pm Post subject: |
|
|
| DaggyStyle wrote: | | ssuominen wrote: | Does `ck-list-sessions` when ran as normal user from X11 Terminal (like Konsole) and shell print anything like this?
| Quote: |
Session2:
unix-user = '1000'
realname = '(null)'
seat = 'Seat1'
session-type = ''
active = TRUE <- MUST BE TRUE!
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = '/dev/tty1'
remote-host-name = ''
is-local = TRUE <- MUST BE TRUE!
on-since = '2013-02-07T12:20:56.982495Z'
login-session-id = '1'
|
If those are not TRUE, then you should propably read first post of https://forums.gentoo.org/viewtopic-t-858965-start-0.html
It's mostly up to date, anyway. |
it is false here, following the post give me this:
| Code: |
dagg@NCC-5001-D ~ $ Su USE=gdu emerge -atv gnome-base/gvfs
Password:
These are the packages that would be merged, in reverse order:
Calculating dependencies... done!
[ebuild N ~] gnome-base/gvfs-1.14.2 USE="cdda gdu gphoto2 gtk samba udev udisks -afp -archive -avahi -bluetooth -bluray -doc -fuse -gnome-keyring -http -ios -systemd" 1,434 kB
[ebuild N ] gnome-base/libgdu-3.0.2 USE="-avahi -doc -gnome-keyring" 1,956 kB
[ebuild N #] gnome-base/gnome-common-3.6.0:3 141 kB
[ebuild N ~] dev-libs/libcdio-paranoia-0.90 USE="cxx -static-libs {-test}" 0 kB
|
which is a no in my part, I see no logical answer to the question "why solving this issue on kde requires installing gnome-common?"
albright's suggestion works but I get the same dialog when I try to unmount. |
You don't have to install gvfs for KDE. Just skip that. Rest of the guide is still accurate in your situation and explains howto get the required 'active = TRUE' |
|
| Back to top |
|
|
albright
Advocate
Joined: 16 Nov 2003
Posts: 2588
Location: Near Toronto
|
| Posted: Mon Feb 11, 2013 6:41 pm Post subject: |
|
|
| Quote: | | albright's suggestion works but I get the same dialog when I try to unmount. |
yes, you have to modify the unmount section too - an exercise left
to the reader 
_________________
.... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme) |
|
| Back to top |
|
|
SamuliSuominen
Retired Dev
Joined: 30 Sep 2005
Posts: 2133
Location: Finland
|
| Posted: Mon Feb 11, 2013 7:07 pm Post subject: |
|
|
| albright wrote: | | Quote: | | albright's suggestion works but I get the same dialog when I try to unmount. |
yes, you have to modify the unmount section too - an exercise left
to the reader |
needless to say the files in /usr are static and should not be modified. ever. portage will just overwrite them, and correctly so, on re-emerge/upgrade of polkit/udisks/and co.
if user wants access outside of 'active = TRUE' setup then .rules file is added to /etc/polkit-1/rules.d/ that gives such authorization |
|
| Back to top |
|
|
albright
Advocate
Joined: 16 Nov 2003
Posts: 2588
Location: Near Toronto
|
| Posted: Mon Feb 11, 2013 7:20 pm Post subject: |
|
|
| Quote: | | should not be modified. ever. |
... ssshh ... I close the blinds before I do it
_________________
.... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme) |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5929
|
| Posted: Mon Feb 11, 2013 7:28 pm Post subject: |
|
|
| ssuominen wrote: |
needless to say the files in /usr are static and should not be modified. ever. portage will just overwrite them, and correctly so, on re-emerge/upgrade of polkit/udisks/and co. |
and still kdmrc is under /usr and not undr /etc where one must change it for multiseat setup.
| ssuominen wrote: |
if user wants access outside of 'active = TRUE' setup then .rules file is added to /etc/polkit-1/rules.d/ that gives such authorization |
can you point me to a tutorial on how to define such roles?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
tomk
Bodhisattva
Joined: 23 Sep 2003
Posts: 7221
Location: Sat in front of my computer
|
|
| Back to top |
|
|
SamuliSuominen
Retired Dev
Joined: 30 Sep 2005
Posts: 2133
Location: Finland
|
| Posted: Tue Feb 12, 2013 4:26 pm Post subject: |
|
|
| DaggyStyle wrote: |
| ssuominen wrote: |
if user wants access outside of 'active = TRUE' setup then .rules file is added to /etc/polkit-1/rules.d/ that gives such authorization
|
can you point me to a tutorial on how to define such roles?
|
Sure. The manpage comes with examples.
So for example,
/etc/polkit-1/rules.d/01-org.freedesktop.udisks2.filesystem-mount.rules:
| Code: |
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.udisks2.filesystem-mount" &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
|
Would give authorization for everyone in group "wheel" to do filesystem-mounẗ́
Here are couple of more:
| Code: |
$ ls -l /usr/portage/net-misc/modemmanager/files/*.rules /usr/portage/net-misc/networkmanager/files/*.rules
|
|
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5929
|
| Posted: Tue Feb 12, 2013 5:52 pm Post subject: |
|
|
thanks
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
SamuliSuominen
Retired Dev
Joined: 30 Sep 2005
Posts: 2133
Location: Finland
|
| Posted: Tue Feb 12, 2013 6:59 pm Post subject: |
|
|
| DaggyStyle wrote: |
and still kdmrc is under /usr and not under /etc where one must change it for multiseat setup.
|
Right. Debian has majorly patched KDE to use /etc for the same reasons. Gentoo's KDE is not patched for this, unfortunately. Even the kde-misc/polkit-kde-kcmodules is editing sys-auth/polkit's files directly in /usr -- imagine another package editing another's static files, very ugly.
My best advise is to not use KDE if you want RO mounted /usr. |
|
| Back to top |
|
|
blietaer
Tux's lil' helper
Joined: 27 Apr 2006
Posts: 103
|
| Posted: Sun Feb 17, 2013 8:15 pm Post subject: |
|
|
I _do_ understand this sticky post ain't purposed to solve everyone single case by case issue...
...*but* having followed the very first post and skimmed thru the following ones, I can't mount a (USB) device as a logged X user without being prompted for root password.
I don't mean to be rude, but this is of course not acceptable (compared to other OS or not)
I do confess having recently re-installed my whole Gentoo box in the dream to get rid of KDE/Gnome giant and use the OpenBox project (i love it...so far)
But I do also understand that I will loose 'out-of-the-box' easier feature (such as mounting USB stuff as a dummy user)
| Code: | udisks --mount /dev/sdc2
Mount failed: Not Authorized
|
and:
| Code: | $ gvfs-mount -d /dev/sdc2
Error mounting /dev/sdc2: The authentication dialog was dismissed |
(Yes, I closed the bugging GUI dialog for root password)
and worst of all:
| Code: |
ck-list-sessions
Session5:
unix-user = '1001'
realname = '(null)'
seat = 'Seat1'
session-type = 'x11'
active = TRUE
x11-display = ':0.0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2013-02-17T20:08:35.058823Z'
login-session-id = '3'
Session6:
unix-user = '1001'
realname = '(null)'
seat = 'Seat1'
session-type = ''
active = FALSE
x11-display = ':0.0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2013-02-17T20:08:35.072399Z'
login-session-id = '3'
|
My .xinirtc:
| Code: | cat .xinitrc
#exec gnome-session
exec ck-launch-session dbus-launch --sh-syntax --exit-with-session openbox-session
|
~amd64
I am not too sure where to look next....  |
|
| Back to top |
|
|
SamuliSuominen
Retired Dev
Joined: 30 Sep 2005
Posts: 2133
Location: Finland
|
| Posted: Sun Feb 17, 2013 8:51 pm Post subject: |
|
|
| blietaer wrote: |
and worst of all:
| Code: |
ck-list-sessions
Session5:
unix-user = '1001'
realname = '(null)'
seat = 'Seat1'
session-type = 'x11'
active = TRUE
x11-display = ':0.0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2013-02-17T20:08:35.058823Z'
login-session-id = '3'
Session6:
unix-user = '1001'
realname = '(null)'
seat = 'Seat1'
session-type = ''
active = FALSE
x11-display = ':0.0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2013-02-17T20:08:35.072399Z'
login-session-id = '3'
|
|
You said it.
There is double x11-display-device for /dev/tty7. There should only be one for /dev/tty7. It would cause issues like this. Remove any custom ck-launch-command if using Display Manager with internal ConsoleKit support. |
|
| Back to top |
|
|
blietaer
Tux's lil' helper
Joined: 27 Apr 2006
Posts: 103
|
| Posted: Mon Feb 18, 2013 10:22 am Post subject: |
|
|
Well, this is embarassing:
I had such custom ck-launch-command in my .xinitrc and removing this from it solved my issue and I can now plus any USB as dummy user.
And you _DID_ mention this in the very first sticky post.... 
Shame.
I did not reboot and got this now:
| Code: | ck-list-sessions
Session4:
unix-user = '0'
realname = 'root'
seat = 'Seat1'
session-type = ''
active = FALSE
x11-display = ''
x11-display-device = ''
display-device = '/dev/tty1'
remote-host-name = ''
is-local = TRUE
on-since = '2013-02-18T10:18:15.073148Z'
login-session-id = '3'
idle-since-hint = '2013-02-18T10:19:16.834122Z'
Session5:
unix-user = '1001'
realname = '(null)'
seat = 'Seat1'
session-type = 'x11'
active = TRUE
x11-display = ':0.0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2013-02-18T10:18:54.126788Z'
login-session-id = '4'
|
Acceptable ?
Anyway, it does work for me...
Thanx & apologies for this. |
|
| Back to top |
|
|
Havin_it
Veteran
Joined: 17 Jul 2005
Posts: 1266
Location: Edinburgh, UK
|
| Posted: Fri Feb 22, 2013 2:24 pm Post subject: |
|
|
| ssuominen wrote: | | You don't have to install gvfs for KDE. Just skip that. |
Can I request then that the post make this clear? That just added to the time wasted on this. (My own fault for not reading the whole thread, perhaps, but still...)
| ssuominen wrote: | | Rest of the guide is still accurate in your situation and explains howto get the required 'active = TRUE' |
*cough* Not over here it don't. Followed it slavishly (including gvfs), even tried albright's hacks above, full reboot after every step: no joy, still just getting "Not Authorized" when trying to mount anything (thumb drives, SD cards in internal reader).
Using KDM, currently still on kde-4.9 (4.10 sounds like it may be worse judging by the above). Can't sleep or hibernate from GUI either, though that might be unrelated.
ck-list-sessions:
| Code: | Session1:
unix-user = '1000'
realname = '(null)'
seat = 'Seat1'
session-type = ''
active = TRUE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2013-02-22T14:02:28.635794Z'
login-session-id = '' |
Any other conf happily provided on request. |
|
| Back to top |
|
|
steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
|
| Posted: Sun Feb 24, 2013 3:36 pm Post subject: |
|
|
| Havin_it wrote: | Followed it slavishly (including gvfs), even tried albright's hacks above, full reboot after every step: no joy, still just getting "Not Authorized" when trying to mount anything (thumb drives, SD cards in internal reader).
Using KDM, currently still on kde-4.9 (4.10 sounds like it may be worse judging by the above). Can't sleep or hibernate from GUI either, though that might be unrelated.
|
FWIW I followed Dominique's guide to getting rid of nubkit, and then emerged sys-apps/uam and sys-apps/pmount (just the one from portage tree, not bug or overlay) and I now have no problem at all using eg: pmount /dev/sdc2 /media/pi_root where sdc is an SDHC card reader with the Raspbian install card.
At some point I'll use the ebuilds that she recommends, when I need a GUI for it, and also to allow pmount outside /media.
I use lvm and standard udev, delayed to start after localmount since I don't need any udev-started devices to mount /usr, nor is root on lvm/RAID or encrypted, which means I don't need an initramfs, along with kde-4.9 and switched from KMail to mutt with Maildir and procmail for email since I got rid of semantic-craptop about a year ago. Having got rid of *kit, I'll have to sort out a replacement for K3b at some point: I haven't missed it at all, though it's always been a killer KDE app in my eyes, along with KMail before it got semantic-crappified.
KDE rocks now - 4.9 feels like 3.5 used to :-) tho ofc Kate is a lot nicer; "Attach as Tab to" has made a world of difference: apps moving around in the taskbar becomes much less of an issue (tho still amateur-ville imo: "spatial memory" is pretty fundamental to HCI) and ad-hoc groupings at WM level are very useful, in and of themselves. |
|
| Back to top |
|
|
virduun
n00b
Joined: 02 Jun 2011
Posts: 26
|
| Posted: Tue Mar 12, 2013 1:29 am Post subject: |
|
|
| Thanks so much, krigav. The new rule from this post fixed the issue I've been having recently with Dolphin in KDE constantly bothering me about an admin password when trying to mount things. I was getting so damn tired of that breaking every 3-4 updates and then sometimes taking another 3-4 updates to get fixed again. Hopefully that rule will help guard against the adverse effects of further reinventions of the wheel that they seem to do every 3 weeks. |
|
| Back to top |
|
|
nikitas350
n00b
Joined: 09 Sep 2009
Posts: 19
|
| Posted: Tue Apr 16, 2013 5:23 pm Post subject: |
|
|
| Thanks a lot! |
|
| Back to top |
|
|
SamuliSuominen
Retired Dev
Joined: 30 Sep 2005
Posts: 2133
Location: Finland
|
| Posted: Tue Apr 16, 2013 6:38 pm Post subject: |
|
|
| Havin_it wrote: | | ssuominen wrote: | | You don't have to install gvfs for KDE. Just skip that. |
Can I request then that the post make this clear? That just added to the time wasted on this. (My own fault for not reading the whole thread, perhaps, but still...)
| ssuominen wrote: | | Rest of the guide is still accurate in your situation and explains howto get the required 'active = TRUE' |
*cough* Not over here it don't. Followed it slavishly (including gvfs), even tried albright's hacks above, full reboot after every step: no joy, still just getting "Not Authorized" when trying to mount anything (thumb drives, SD cards in internal reader).
Using KDM, currently still on kde-4.9 (4.10 sounds like it may be worse judging by the above). Can't sleep or hibernate from GUI either, though that might be unrelated.
ck-list-sessions:
| Code: | Session1:
unix-user = '1000'
realname = '(null)'
seat = 'Seat1'
session-type = ''
active = TRUE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2013-02-22T14:02:28.635794Z'
login-session-id = '' |
Any other conf happily provided on request. |
login-session-id = '' should never be empty. It's mentioned in the first post of this thread. If it's empty it's almost certainly because of missing CONFIG_AUDITSYSCALL=y kernel option:
| Code: |
# zgrep AUDITSYSCALL /proc/config.gz
CONFIG_AUDITSYSCALL=y
# grep AUDITSYSCALL /lib/modules/$(uname -r)/build/.config
CONFIG_AUDITSYSCALL=y
# grep AUDITSYSCALL /usr/src/linux/.config
CONFIG_AUDITSYSCALL=y
|
The kernel option can be worked around using some Display Managers with advanced internal ConsoleKit support, but really, enable it, it's not worth the trouble figuring out which DM works and which doesn't without the option.
Sorry for the delay in answer, but I'm swamped with work lately. |
|
| Back to top |
|
|
|
Desktop Environments
