Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

  1. #1

    Default org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

    I just installed openSUSE 12.3 KDE and noticed that I couldn't mount one of my NTFS partitions without root access. I used KDE Settings->Actions Policy to change the authorizations for org.freedesktop.udisks2.filesystem-mount-system to "yes" for Active console, but I am still prompted for a root password every time. How do I fix the mounting permissions so I do not need root access?

    Ben

  2. #2
    Join Date
    Sep 2008
    Location
    Toronto,Canada
    Posts
    549

    Default Re: org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

    you should add the mount into your /etc/fstab(something like):
    Code:
    //server_ip/server_share_name /home/your_user/share_name   cifs    credentials=/home/your_user/.ssh/.creds,_netdev,uid=dan,gid=users 0 0
    in this file /home/your_user/.ssh/.creds you have these entries:
    username=your_username
    password=your_password
    this should belong to you /home/your_user/share_name otherwise you'll not have some rights issues

  3. #3

    Default Re: org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

    Hello Benjamin,
    I had the same problem and spent some days looking for a solution. I'm not a polkit expert but i think there's something wrong with it: either it is poorly documented or it is too frequently changed without compatibility in mind or very few people know exactly how it works.
    Here is the solution I found (it's not my own actually, but i googled really hard to find it):
    - as superuser create a new file named 10-mount-partitions.rules in /usr/share/polkit-1/rules.d, put the following code in it:

    Code:
    // Password-less mounting of local partitions
    polkit.addRule(function(action, subject) {
        if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" &&
                                                     subject.active        &&
                                                     subject.user == "your_standard_username") {
           return polkit.Result.YES;
        }
    });
    This will let standard_user mount system partitions on active console.
    You can find on the Net the proper code to do the same thing with a group instead of a user.
    A few remarks:
    - the number ("10") in front of the file name can be changed but should be kept <50.
    - it seems that the .pkla file made by systemsettings is completely ignored...

    Quote Originally Posted by Benjamin_Xiao View Post
    I just installed openSUSE 12.3 KDE and noticed that I couldn't mount one of my NTFS partitions without root access. I used KDE Settings->Actions Policy to change the authorizations for org.freedesktop.udisks2.filesystem-mount-system to "yes" for Active console, but I am still prompted for a root password every time. How do I fix the mounting permissions so I do not need root access?

    Ben

  4. #4
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,379
    Blog Entries
    1

    Default Re: org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

    Quote Originally Posted by patrus View Post
    Hello Benjamin,
    I had the same problem and spent some days looking for a solution. I'm not a polkit expert but i think there's something wrong with it: either it is poorly documented or it is too frequently changed without compatibility in mind or very few people know exactly how it works.
    I agree that the documentation is lacking and dated. The 'pkaction' command can be used to list/view policies.

    To get a list of active policies
    Code:
    pkaction
    To get the current privilege settings for udisks2.filesystem-mount-system, type

    Code:
    pkaction --action-id org.freedesktop.udisks2.filesystem-mount-system --verbose
    The openSUSE_121 polkit guide explains
    In order to define your custom set of privileges, use /etc/polkit-default-privs.local. Privileges defined here will always take precedence over the ones defined in the other configuration files.
    For example, in /etc/polkit-default-privs.local, one could add the following custom privilege
    Code:
     org.freedesktop.udisks2.filesystem-mount-system auth_admin:auth_admin:yes
    To make it take effect, you then run (as root)
    Code:
    set_polkit_default_privs
    This will write the changes to /var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.udisks2.filesystem-mount-system.pkla

  5. #5
    Join Date
    Sep 2012
    Posts
    5,132

    Default Re: org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

    Quote Originally Posted by deano_ferrari View Post
    Code:
    pkaction --action-id org.freedesktop.udisks2.filesystem-mount-system --verbose
    This refers to system devices. For removables action is supposed to be org.freedesktop.udisks2.filesystem-mount (without system) and at least here it correctly allows active session.
    Code:
    bor@opensuse:~> pkaction --action-id org.freedesktop.udisks2.filesystem-mount --verbose
    org.freedesktop.udisks2.filesystem-mount:
      description:       Mount a filesystem
      message:           Authentication is required to mount the filesystem
      vendor:            The udisks Project
      vendor_url:        http://udisks.freedesktop.org/
      icon:              drive-removable-media
      implicit any:      auth_admin
      implicit inactive: auth_admin
      implicit active:   yes
    I have seen cases when there was no active session at all; whether current session is considered active can be verified using
    Code:
    bor@opensuse:~> loginctl --no-pager show-session -p Active $XDG_SESSION_ID
    Active=yes

  6. #6
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,379
    Blog Entries
    1

    Default Re: org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

    Quote Originally Posted by arvidjaar View Post
    This refers to system devices. For removables action is supposed to be org.freedesktop.udisks2.filesystem-mount (without system) and at least here it correctly allows active session.
    My post was simply to illustrate how policies can be adjusted via , hence I used the same policy that patrus referred to.

    For reference, I have
    Code:
    # pkaction --action-id org.freedesktop.udisks2.filesystem-mount --verbose
    org.freedesktop.udisks2.filesystem-mount:
      description:       Mount a filesystem
      message:           Authentication is required to mount the filesystem
      vendor:            The udisks Project
      vendor_url:        http://udisks.freedesktop.org/
      icon:              drive-removable-media
      implicit any:      auth_admin
      implicit inactive: auth_admin
      implicit active:   yes
    
    # pkaction --action-id org.freedesktop.udisks2.filesystem-mount-system --verbose
    org.freedesktop.udisks2.filesystem-mount-system:
      description:       Mount a filesystem on a system device
      message:           Authentication is required to mount the filesystem
      vendor:            The udisks Project
      vendor_url:        http://udisks.freedesktop.org/
      icon:              drive-removable-media
      implicit any:      auth_admin
      implicit inactive: auth_admin
      implicit active:   auth_admin_keep
    Last edited by deano_ferrari; 24-Mar-2013 at 01:24.

  7. #7
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,379
    Blog Entries
    1

    Default Re: org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

    To see active sessions
    Code:
    ck-list-sessions
    This may be useful to others:

    http://udisks.freedesktop.org/docs/latest/index.html
    Last edited by deano_ferrari; 24-Mar-2013 at 01:25.

  8. #8
    Join Date
    Sep 2012
    Posts
    5,132

    Default Re: org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

    Quote Originally Posted by deano_ferrari View Post
    To see active sessions
    Code:
    ck-list-sessions
    No. Console Kit is obsolete and should not be used anymore.
    Code:
    bor@opensuse:~> ck-list-sessions
    Session1:
        unix-user = '501'
        seat = 'Seat2'
        active = FALSE
        is-local = FALSE
    bor@opensuse:~> loginctl --no-pager show-session $XDG_SESSION_ID
    Id=2
    Timestamp=Sat, 2013-03-23 13:18:47 MSK
    TimestampMonotonic=87344100
    Remote=no
    Active=yes
    State=active
    bor@opensuse:~> 
    bor@opensuse:~> loginctl --no-pager list-seats
    SEAT            
    seat0           
    
    1 seats listed.
    I do not even have seat2 and CK believes session is remote and inactive. Which may actually explain some problems if CK is continued to be used.

  9. #9
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,379
    Blog Entries
    1

    Default Re: org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

    Quote Originally Posted by arvidjaar View Post
    No. Console Kit is obsolete and should not be used anymore.
    I do see ConsoleKit has been replaced with systemd-logind (I'm still using 12.2, so don't have the latter). Anyway, this discussion concerns polkit privileges...

    BTW, you mentioned removable devices (and hence org.freedesktop.udisks2.filesystem-mount) , but the OP was referring to 'internal' NTFS partitions. (As dmera pointed out this can be done via the traditional /etc/fstab approach, but udisks2/DE can also handle these as well).
    Last edited by deano_ferrari; 24-Mar-2013 at 01:50.

  10. #10

    Default Re: org.freedesktop.udisks2.filesystem-mount-system not working in openSUSE 12.3 KDE

    Quote Originally Posted by deano_ferrari View Post
    I agree that the documentation is lacking and dated.
    This is a very polite way to picture this issue.

    I have been searching the web low and high for days now to find out what's up with PolicyKit and this posting finally pushed me in the right direction - thanks for this. The documentation at freedesktop.org is misleading, to say the least, because it doesn't clearly state what the state of the art is. At the suse.org websites there is nothing about the current implementation of PolicyKit.

    My use case: I'm using OpenSuse 12.3 and I have a eSATA disk in an external casing sitting on the desktop (the real one) used for archiving stuff. From the user's point of view this disk should be handled like a USB drive; you just switch it on and off when you need it. No problem with a real USB drive, Opensuse mounts the disk automagically. But not with this drive: from the OS's point of view it isn't a removable drive; it doesn't matter it is in an external casing, it is a system disk and needs manual mounting with root password.

    A fstab entry doesn't help with that; it's the PolicyKit stubbornly asking for root password. There are "solutions" all over the place on the net, but most of them don't work because either they are targeted at the real old PolicyKit version or they are focusing on the current PolicyKit version, but don't work as well.

    Actually the solution is pretty easy once you know it. First the things to forget about:
    • Anything related to fstab. We want the drive to be used temporarily.
    • Any documentation still on the freedesktop.org website about PolicyKit which is not designated as "latest".
    • Any attempt to resolve the issue by using the KDE system settings module "Actions Policy". Doesn't work.
    • Anything about subdirectories named /etc/polkit-1/localauthority and about .pkla files. Doesn't work.


    The only place with some substantial documentation is the "latest" compartment containing the polkit Reference Manual at freedesktop.org. But before going there you should have read this blog article by the maintainer of PolicyKit written in June 2012 (one year ago, that is) where he explains why he has changed the whole configuration business of PolicyKit radically. Using such beasts as simple text files like the .pkla files must have been too easy so he changed it all to JavaScript. Needless to say that the whole file system layout of the configuration has changed since. Now it all is in .rules files here and there.

    Anyway, that alone would have been too easy. Suse has added one layer on top of it: Instead of editing these Javascript .rules files you are meant to edit one config file (a simple text file, for a change) and then let a custom program read this source config file and write your custom config to such a Javascript file. And here we go:

    Opensuse provides three text config files:
    /etc/polkit-default-privs.local
    /etc/polkit-default-privs.standard
    /etc/polkit-default-privs.restrictive

    The names of the latter two speak for themselves; they are meant to serve as prefab config files for either home user or corporate users. In the file /etc/sysconfig/security there is a setting CHECK_POLKIT_PRIVS="" which of course may be set either to "standard" or "restrictive" (defaulting to "standard").

    /etc/polkit-default-privs.local is the one and only file to be edited which then is meant to override the default config file (standard or restrictive). So far it is just a template. As your first step you can just cut and paste lines from one of the two other config files into the polkit-default-privs.local file; in this case that would be this single line:

    Code:
    org.freedesktop.udisks2.filesystem-mount-system         auth_admin:auth_admin:auth_admin_keep
    You would just change the final value to "yes" and then you have ...

    Quote Originally Posted by deano_ferrari View Post
    Code:
     org.freedesktop.udisks2.filesystem-mount-system auth_admin:auth_admin:yes
    ... and finally the second and final step:

    Quote Originally Posted by deano_ferrari View Post
    To make it take effect, you then run (as root)
    Code:
    set_polkit_default_privs
    And that's it. The changed configuration gets written to the file /etc/polkit-1/rules.d/90-default-privs.rules which apparently is the decisive one to be used by PolicyKit (see the "latest" documentation).

    Quote Originally Posted by deano_ferrari View Post
    This will write the changes to /var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.udisks2.filesystem-mount-system.pkla
    I'm not sure about that. On my system actually there wasn't such a file written at all. The only file I have met in that vicinity was one file /var/lib/polkit-1/localauthority/75-polkitkde.d/org.freedesktop.udisks2.filesystem.pkla which obviously had been written during my experiments with the KDE system settings module.

    One last note: This simple config (once you know it) will pop up the SuSEplugger when the disk is powered up. I first observed that I had to click at the icon of the drive to actually mount it without being prompted for any password. Later I didn't need to click at all; it went just automagically without any interaction. Don't know how that delay at the first time came about; maybe I was too impatient then.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •