I have here a multi-seat machine which admits removable media (USB sticks, SD cards, etc.) Any user with physical access to the ports/slots can mount and use one of those. What I would like is for any other user to be able to unmount a device mounted by another user, who may or may no longer be logged in.
Currently, on attempting to unmount such a device, an “authentication required” dialogue appears asking for the root password–under details, the responsible policy is announced as “org.freedesktop.udisks.filesystem-unmount-others”.
Clearly, what is needed is a configuration change for that policy from “auth_admin” to, in my case, “yes”. Now the question is where should I change this so that it takes effect?
As a KDE4 user, a first and sort of obvious stop is System Settings > Actions Policy. Unfortunately, that’s a bit of a non-starter for now (but certainly looking forward to see it working sometime).
That having failed, I proceed to the relevant documentation for OpenSUSE with the intention of finding out how to change the implicit privileges as described in section 9.3 of the aforementioned documentation. Therein it is stated that “there are two PolicyKit versions available in parallel with openSUSE: the “old” PolicyKit and the “new” polkit version (polkit-1)” (great! but it is not stated which controls what, so I take a potshot and run as root:
polkit-action --set-defaults-active org.freedesktop.udisks.filesystem-unmount-others yes
Which results in a rather discouraging announcement of:
Cannot find policy file entry for action id 'org.freedesktop.udisks.filesystem-unmount-others'
That didn’t seem to work, so I hazard a guess that the “new” polkit might be involved, as intimated by the documentation, which directs one to http://hal.freedesktop.org/docs/polkit/, a page labelled as “PolicyKit Reference Manual” and consisting mostly of the API description (just in case I might ever wish to write a PolicyKit client?). Anyhow, at the bottom of that page one finds links to a couple of man pages, so I open the one for polkit(8). Towards the bottom of that page there is a section on “declaring actions” which points to the directory /usr/share/polkit-1/actions as the place where things happen, so I look in that directory on the offending machine and find the file /usr/share/polkit-1/actions/org.freedesktop.udisks.policy which I open–rather encouraging, the section for org.freedesktop.udisks.filesystem-unmount-others shows the same configuration that appears in KDE’s System Settings > Actions Policy, so I go and change that. After applying the changes I open System Settings and observe that it reflects the new values, as does running this:
# pkaction --verbose --action-id org.freedesktop.udisks.filesystem-unmount-others
org.freedesktop.udisks.filesystem-unmount-others:
description: Unmount a device mounted by another user
message: Authentication is required to unmount devices mounted by another user
vendor: The udisks Project
vendor_url: http://udisks.freedesktop.org/
icon: drive-removable-media
implicit any: no
implicit inactive: no
implicit active: yes
Unfortunately, attempting to unmount another user’s device still does not work: the authorisation required dialogue still pops up. Note that every attempt is carried out after both the mounter and the unmounter users have logged out, then logged back in, then the mounter mounts, and the other user attempts to unmount.
Ok, so I am not making much progress so I move on to the next option, even if I think it’s less than ideal: explicit privileges. I proceed according to section 9.3.2.2. Modifying Configuration Files for Explicit Privileges of the OpenSUSE docs, and modify the file /etc/PolicyKit/PolicyKit.conf so that it now includes the lines:
<match action="org.freedesktop.udisks.filesystem-unmount-others">
<return result="yes" />
</match>
I try yet once again. No joy.
Google seems to know about plenty of problems with PolicyKit configuration but not many solutions. Is it that I am missing something, doing something wrong, or the whole blasted thing simply does not work, or what?
Any suggestions, ideas, guesses, commentary, philosophical ramblings, flames, football scores, local newspaper clippings, pen1s enlargement offers, misrouted emails, or State secrets are warmly welcome. Not that I am frustrated or anything.