Normal yes
Normal yes
I will have to check my settings against those of others who are known to work. Could someone please report what the following command gives as a result?
vodoo@host:~> cat /etc/sysconfig/security | sed -e "/^#/d" -e "/^$/d"
CHECK_POLKIT_PRIVS=""
POLKIT_DEFAULT_PRIVS=""
CHECK_PERMISSIONS="set"
PERMISSION_SECURITY="easy local"
CHECK_SIGNATURES="yes"
This looks ok for me, but one never knows …
CHECK_POLKIT_PRIVS=""
POLKIT_DEFAULT_PRIVS=""
CHECK_PERMISSIONS="set"
PERMISSION_SECURITY="easy local"
CHECK_SIGNATURES="yes"
Looks the same
Did you ever do a complete wipe
Are all Pen drives the same?
Did you ever do a complete wipe
Wipe and reformat the pen drive? No.
Are all Pen drives the same?
I tried two different pen drives. Same result.
The following shows in /var/log/messages when I insert the stick and try to open it with dolphin:
Nov 8 17:54:17 myhost kernel: 2008.267544] usb 1-1.2: new high speed USB device using ehci_hcd and address 6
Nov 8 17:54:17 myhost kernel: 2008.356047] usb 1-1.2: New USB device found, idVendor=090c, idProduct=1000
Nov 8 17:54:17 myhost kernel: 2008.356052] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Nov 8 17:54:17 myhost kernel: 2008.356056] usb 1-1.2: Product: USB DISK
Nov 8 17:54:17 myhost kernel: 2008.356059] usb 1-1.2: Manufacturer: SMI Corporation
Nov 8 17:54:17 myhost kernel: 2008.356062] usb 1-1.2: SerialNumber: 00000000000000003780
Nov 8 17:54:17 myhost kernel: 2008.356522] scsi11 : usb-storage 1-1.2:1.0
Nov 8 17:54:18 myhost kernel: 2009.357333] scsi 11:0:0:0: Direct-Access SMI USB DISK 2040 PQ: 0 ANSI: 0 CCS
Nov 8 17:54:18 myhost kernel: 2009.357868] sd 11:0:0:0: Attached scsi generic sg2 type 0
Nov 8 17:54:19 myhost kernel: 2009.360168] sd 11:0:0:0: [sdb] 125952 512-byte logical blocks: (64.4 MB/61.5 MiB)
Nov 8 17:54:19 myhost kernel: 2009.361275] sd 11:0:0:0: [sdb] Write Protect is off
Nov 8 17:54:19 myhost kernel: 2009.361278] sd 11:0:0:0: [sdb] Mode Sense: 43 00 00 00
Nov 8 17:54:19 myhost kernel: 2009.361280] sd 11:0:0:0: [sdb] Assuming drive cache: write through
Nov 8 17:54:19 myhost kernel: 2009.364509] sd 11:0:0:0: [sdb] Assuming drive cache: write through
Nov 8 17:54:19 myhost kernel: 2009.364514] sdb: sdb1
Nov 8 17:54:19 myhost kernel: 2009.405397] sd 11:0:0:0: [sdb] Assuming drive cache: write through
Nov 8 17:54:19 myhost kernel: 2009.405403] sd 11:0:0:0: [sdb] Attached SCSI removable disk
Nov 8 17:54:27 myhost polkitd(authority=local): Operator of
unix-session:/org/freedesktop/ConsoleKit/Session2 FAILED to authenticate
to gain authorization for action org.freedesktop.udisks.filesystem-mount
for system-bus-name::1.22 [/usr/lib/gvfs/gvfs-gdu-volume-monitor]
(owned by unix-user:vodoo)
The problem seems to be with PolicyKit or ConsoleKit.
The problem seems to be with PolicyKit or ConsoleKit.
Yes, you may be right here, it does look like a CK issue. I wonder whether this is config related now, or maybe it possible that this is session-related? Does this problem persist through a reboot, and a new KDE session for example? What about if a new user account created? Just some thoughts…
From me for your compare
Nov 8 11:23:17 LENOVO-G550 kernel: 4085.529290] Initializing USB Mass Storage driver...
Nov 8 11:23:17 LENOVO-G550 kernel: 4085.529503] scsi5 : usb-storage 2-2:1.0
Nov 8 11:23:17 LENOVO-G550 kernel: 4085.529647] usbcore: registered new interface driver usb-storage
Nov 8 11:23:17 LENOVO-G550 kernel: 4085.529650] USB Mass Storage support registered.
Nov 8 11:23:18 LENOVO-G550 kernel: 4086.534165] scsi 5:0:0:0: Direct-Access UT163 USB Flash Disk 0.00 PQ: 0 ANSI: 2
Nov 8 11:23:18 LENOVO-G550 kernel: 4086.534397] sd 5:0:0:0: Attached scsi generic sg2 type 0
Nov 8 11:23:18 LENOVO-G550 kernel: 4086.539405] sd 5:0:0:0: [sdb] 1974271 512-byte logical blocks: (1.01 GB/963 MiB)
Nov 8 11:23:18 LENOVO-G550 kernel: 4086.540272] sd 5:0:0:0: [sdb] Write Protect is off
Nov 8 11:23:18 LENOVO-G550 kernel: 4086.540278] sd 5:0:0:0: [sdb] Mode Sense: 00 00 00 00
Nov 8 11:23:18 LENOVO-G550 kernel: 4086.540282] sd 5:0:0:0: [sdb] Assuming drive cache: write through
Nov 8 11:23:18 LENOVO-G550 kernel: 4086.545766] sd 5:0:0:0: [sdb] Assuming drive cache: write through
Nov 8 11:23:18 LENOVO-G550 kernel: 4086.545776] sdb:
Nov 8 11:23:18 LENOVO-G550 kernel: 4086.659638] sd 5:0:0:0: [sdb] Assuming drive cache: write through
Nov 8 11:23:18 LENOVO-G550 kernel: 4086.659645] sd 5:0:0:0: [sdb] Attached SCSI removable disk
Nov 8 11:26:21 LENOVO-G550 kernel: 4269.227133] usb 2-2: USB disconnect, address 4
On 2010-11-08 12:36, vodoo wrote:
> Anyway, when I remove the stick and insert it again the permission
> change is gone. It is not permanent. The relevant line in /etc/mount
> just after automount looks like:
Ah!
Then I think I know what is happening.
Yesterday I started a session with a stick plugged in - gnome asked for
root permissions to mount it. This is not normal. Unplug, replug, and it is
mounted without questions asked.
Why? Because the mount attempt happens before gnome had control, only root
had a text terminal (VT1).
Could this be what is happening at your end?
> Code:
> --------------------
> /dev/sdi1 on /media/USBSTICK type vfat (rw,nosuid,nodev,uid=0,utf8,shortname=mixed,flush)
> --------------------
Two things: don’t write fstab lines using /dev/sd? for external devices,
use labels or uuids. The device can change from one time to another.
The other, is that if you have an fstab for a device, neither kde nor gnome
should mount it automatically.
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)
Thank you all for your help so far.
Does this problem persist through a reboot, and a new KDE session for example?
Yes.
@caf4926: yep, yours looks good.
@robin_listas a.k.a. Carlos E. R.:
Yesterday I started a session with a stick plugged in - gnome asked for root permissions to mount it. This is not normal. Unplug, replug, and it is mounted without questions asked.
This means it does not work (i.e. automount a removable pen drive) which is already plugged in during boot. Your explanation for why this happens seems valid. But my case is different. I get the error when inserting the pen drive after a complete boot to the KDE GUI.
Two things: don’t write fstab lines using /dev/sd? for external devices, use labels or uuids. The device can change from one time to another.
I do not have any entries for removable media in /etc/fstab.
# cat /dev/fstab
/dev/disk/by-id/ata-WDC_WD10EARS-00Y5B1_WD-WCAV5H118138-part3 swap swap defaults 0 0
/dev/disk/by-id/ata-WDC_WD10EARS-00Y5B1_WD-WCAV5H118138-part2 / ext4 defaults 1 1
/dev/disk/by-id/ata-WDC_WD10EARS-00Y5B1_WD-WCAV5H118138-part1 /boot ext2 defaults 1 2
/dev/disk/by-id/ata-WDC_WD10EARS-00Y5B1_WD-WCAV5H118138-part4 /home ext4 acl,user_xattr 1 2
proc /proc proc defaults 0 0
sysfs /sys sysfs noauto 0 0
debugfs /sys/kernel/debug debugfs noauto 0 0
usbfs /proc/bus/usb usbfs noauto 0 0
devpts /dev/pts devpts mode=0620,gid=5 0 0
/dev/disk/by-id/ata-WDC_WD10EARS-00Y5B1_WD-WCAV5H111631-part1 /drive ext4 defaults 1 2
/dev/disk/by-id/ata-WDC_WD10EADS-00L5B1_WD-WCAU45423722-part1 /drive2 ext3 defaults 1 2
/dev/disk/by-id/ata-WDC_WD10EACS-00C7B0_WD-WCASJ2208234-part4 /oldbox reiserfs defaults 1 2
/dev/disk/by-id/ata-WDC_WD10EACS-00C7B0_WD-WCASJ2208234-part2 /oldbox/usr reiserfs defaults 1 2
The line quoted in your post (showing /dev/sdi1) was produced with the mount command after automounting the pen drive with root privileges.
I checked my settings with yast / partitioner and see that I selected to mount by device-ID. I think this is reflected by the contents of /etc/fstab above. The odd thing is that mappings for /dev/sdb to /dev/sdf are missing. This started right at installation. The reason is that I am using those WD drives with physical 4K sectors. I had to partition them with parted before installation. I made 4 block-aligned primary partitions on /dev/sda intended for /boot, /, swap and /home. The yast automatic partitioner then proposed to delete /dev/sda4, make an extended partition instead and put its logical partitions there. I choose the manual partitioning, deleted the nonsense stuff and did assign the mount points manually without formatting again. The gap in path numbering was never filled afterwards.
Can this be the cause of my problems?
On 2010-11-09 12:06, vodoo wrote:
> @robin_listas a.k.a. Carlos E. R.:
> This means it does not work (i.e. automount a removable pen drive)
> which is already plugged in during boot. Your explanation for why this
> happens seems valid. But my case is different. I get the error when
> inserting the pen drive after a complete boot to the KDE GUI.
Ah. Pity then.
…
> The line quoted in your post (showing /dev/sdi1) was produced with the
> mount command after automounting the pen drive with root privileges.
Yep, I thought of that later.
>
> I checked my settings with yast / partitioner and see that I selected
> to mount by device-ID. I think this is reflected by the contents of
> /etc/fstab above.
That setting in YaST is not permanent. I always choose “by-label” and I
have to reselect it every time.
> The odd thing is that mappings for /dev/sdb to
> /dev/sdf are missing.
Why odd?
Well, if you want entries, just write them yourself, using the partitioner
or a text editor.
> This started right at installation. The reason is
> that I am using those WD drives with physical 4K sectors. I had to
> partition them with parted before installation. I made 4 block-aligned
> primary partitions on /dev/sda intended for /boot, /, swap and /home.
> The yast automatic partitioner then proposed to delete /dev/sda4, make
> an extended partition instead and put its logical partitions there. I
> choose the manual partitioning, deleted the nonsense stuff and did
> assign the mount points manually without formatting again.
I always do manual partitioning, I don’t pay attention to what it proposes
anymore. If the partitions were already formatted, there is no problem with
what you did.
> The gap in
> path numbering was never filled afterwards.
>
> Can this be the cause of my problems?
I don’t think so.
I assume you mean that you do have disks sdb, sdc… sdf, but that they are
not listed? Or that you do not have them at all, and so it is weird that
the usb stick appears as /dev/sdi?
I don’t see how any of that would relate to your problem, but… :-?
Anyway, you could try creating a new user and seeing if it has the same
problem with the stick. You can also try with gnome. Then you would know if
the problem is related to the desktop or to the user configuration, or the
system.
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)
On Fri, 05 Nov 2010 18:06:01 GMT, vodoo <vodoo@no-mx.forums.opensuse.org>
wrote:
>
>robin_listas wrote:
>
>11.3
>
>
>Code:
>--------------------
> cer@Elanor:~> polkit-action --action org.freedesktop.hal.storage.mount-removable
> action_id: org.freedesktop.hal.storage.mount-removable
> description: Mount file systems from removable drives.
> message: System policy prevents mounting removable media
> default_any: no
> default_inactive: no
> default_active: yes
>--------------------
>
>
>and I get (on 11.3):
>
>
>Code:
>--------------------
> vodoo@host:~> polkit-action --action org.freedesktop.hal.storage.mount-removable
> action_id: org.freedesktop.hal.storage.mount-removable
> description: Mount file systems from removable drives.
> message: System policy prevents mounting removable media
> default_any: auth_admin_keep_always (factory default: no)
> default_inactive: auth_admin_keep_always (factory default: no)
> default_active: yes
>--------------------
>
>
>Slight differences, but I do not understand their significance. On my
>11.2 system I get exactly the same as on 11.3. However, on 11.2 dolphin
>(I think it is dolphin) opens a window and asks for the root password;
>then it works. 11.3 opens dolphin right away and then fails with the
>error message.
Having been around a nearby block recently; i recommend forcibly
reinstalling (preferably downgrade then upgrade) all of the following:
policy-kit, hal and udev. Do not attempt to reboot the machine without
any version of policy-kit (installed), you will end up reinstalling
openSuse.
On Sat, 06 Nov 2010 12:07:20 GMT, “Carlos E. R.”
<robin_listas@no-mx.forums.opensuse.org> wrote:
>On 2010-11-06 09:06, deano ferrari wrote:
>>
>> I’d be inclined to check the security settings in YaST:
>>
>> YaST > Security and Users > Local Security
>>
>> In particular, the ‘Security Overview’ settings include ‘Use secure
>> file permissions’. For reference, mine is set to ‘Easy’, but your’s may
>> be different (ie ‘Secure’, or ‘Paranoid’)
>
>I concur.
>
>Your message rang a bell, so I looked in my archive and found a post from
>someone having the same problem (with hibernation refused) and that was the
>cause.
>
>And I think I saw somewhere a post about a similar (easy, secure) setting
>for polkit somewhere :-?
Yes there is, but it does not work properly. Even a reboot may not get
the updates to take effect.
On 2010-11-11 03:28, josephkk wrote:
> On Sat, 06 Nov 2010 12:07:20 GMT, “Carlos E. R.”
> <> wrote:
>> And I think I saw somewhere a post about a similar (easy, secure) setting
>> for polkit somewhere :-?
>
> Yes there is, but it does not work properly. Even a reboot may not get
> the updates to take effect.
Depending how you change it, you need to run SuSEconfig, not reboot.
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)
I’ve had similar issues along with root password requirement for reboot\shutdown. After a lot of research I’ve resolved most of them with /etc/PolicyKit/PolicyKit.conf edit:
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
<!-- See the manual page PolicyKit.conf(5) for file format -->
<config version="0.1">
<match user="**Allowed username goes here**">
<match action="org.freedesktop.hal.storage.mount-removable">
<return result="yes" />
</match>
<match action="hal-storage-mount-removable-extra-options">
<return result="yes"/>
</match>
<match action="org.freedesktop.hal.storage.eject-removable">
<return result="yes" />
</match>
<match action="org.freedesktop.hal.storage.eject">
<return result="yes" />
</match>
<match action="org.freedesktop.hal.storage.mount-fixed">
<return result="yes"/>
</match>
<match action="hal-storage-mount-fixed-extra-options">
<return result="yes"/>
</match>
<match action="org.freedesktop.hal.power-management.shutdown">
<return result="yes"/>
</match>
<match action="org.freedesktop.hal.power-management.shutdown-multiple-sessions">
<return result="no"/>
</match>
<match action="org.freedesktop.hal.power-management.reboot">
<return result="yes"/>
</match>
<match action="org.freedesktop.hal.power-management.reboot-multiple-sessions">
<return result="no"/>
</match>
<match action="org.freedesktop.hal.power-management.suspend">
<return result="yes"/>
</match>
<match action="org.freedesktop.hal.power-management.hibernate">
<return result="yes"/>
</match>
<match action="org.freedesktop.consolekit.system.stop">
<return result="yes"/>
</match>
<match action="org.freedesktop.consolekit.system.restart">
<return result="yes"/>
</match>
</match>
</config>
It’s still unclear how to integrate it with user-management. As if you add more users, you still need to manually add them into PolicyKit.conf too.
Also for me it’s not solved automount problem completely, as on first plug of memory stick or CD you still need to click mount icon in device-notifier, after that you need to open “Removable Devices” in “System settings” and check options “Automount on login” and “Automount on attach”. For some reason general option “Enable automatic mounting of removable media” doesn’t work at all. But this seems to be some KDE problem.
Thank you D_E; this is brilliant. I took the brute force solution and added to /etc/PolicyKit/PolicyKit.conf:
<config version="0.1">
<match user="vodoo">
<return result="yes"/>
</match>
</config>
This means that vodoo has all rights on any action. Now it works.
On 2010-11-12 13:06, vodoo wrote:
> This means that vodoo has all rights on any action. Now it works.
X’-)
Wow.
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)
On Thu, 11 Nov 2010 10:55:38 GMT, “Carlos E. R.”
<robin_listas@no-mx.forums.opensuse.org> wrote:
>On 2010-11-11 03:28, josephkk wrote:
>> On Sat, 06 Nov 2010 12:07:20 GMT, “Carlos E. R.”
>> <> wrote:
>
>>> And I think I saw somewhere a post about a similar (easy, secure) setting
>>> for polkit somewhere :-?
>>
>> Yes there is, but it does not work properly. Even a reboot may not get
>> the updates to take effect.
>
>Depending how you change it, you need to run SuSEconfig, not reboot.
I tried using Yast, suseconfig, hand edits with testing after each, both
with and without fresh logins and finally reboots. Nothing was reliable
in getting the changes to take effect let alone stick. But then again,
that was on 11.1, kde 3.5 up to date.