How do I kick hal in the backside?

I’ve done quite a bit of searching, and reading various howtos, but still can’t get that ratbag hal to allow me to mount removable storage through dolphin!

I really hate hal, I think he needs reprogramming with an axe!

How do I make hal allow all users in group wheel to mount/unmount ALL volumes, especially external?

This is on openSUSE 11.1 32bit, using the original KDE 4.1 version of dolphin, but surely this is all controlled by the hal daemon, and not dolphin?

Hi growbag

Within Dolphin, I presume you get notifier icon (on Places panel) when you insert usb memory stick? Is it the manual mounting (by clicking on icon) you don’t like, or is hal giving you grief with “org.freedesktop.hal.storage.mount-removable no ← (action, result)” messages. If the latter, there was a bug with openSUSE 11.1, and I remember an adjustment with /usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy was required:

<action id=“org.freedesktop.hal.storage.mount-removable”>
<description>Mount file systems from removable drives.</description>
<message>System policy prevents mounting removable media</message>
<defaults>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>

As described here:

http://i-nz.net/2009/01/13/opensuse-111-the-workarounds/

Thanks for the reply deano, it was actually one of your posts that I followed to try getting it working.

But sadly I still get the dreaded org.freedesktop.youare.not.allowed.to.do.this.stupid.error.message nonsense :D.

I added this to -

/etc/dbus-1/system.d/hal.conf

<policy group="wheel">
   <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
   <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
 </policy>

But everything else in that file is set to allow already so I don’t think it makes a difference.

/usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy contains -

<action id="org.freedesktop.hal.storage.mount-fixed">
    <description>Mount file systems from internal drives.</description>
    <message>System policy prevents mounting internal media</message>
    <defaults>
      <allow_inactive>**yes**</allow_inactive>
      <allow_active>**yes**</allow_active>
    </defaults>
  </action>

<action id="org.freedesktop.hal.storage.mount-removable">
    <description>Mount file systems from removable drives.</description>
    <message>System policy prevents mounting removable media</message>
    <defaults>
      <allow_inactive>**yes**</allow_inactive>
      <allow_active>**yes**</allow_active>
    </defaults>
  </action>

As you can see, I changed everything to yes, then restarted hal (I assume!) by issuing the command -

/etc/init.d/haldaemon restart

The problem is that dolphin will not allow me to mount FAT volumes on my USB stick (I can do it as root from the command line ok).

I can mount my USB disk drive (encrypted LUKS partition) with Dolphin when used locally, but not when I do it remotely through an ssh’d dolphin (another story though!). So that’s not a problem.

I’ve compared all the files in /usr/share/PolicyKit/policy to my other updated KDE 4.3.1 machine, and they all seem to be identical.

Here’s a screenshot of what I get -

http://thumbnails3.imagebam.com/4989/56c39f49888580.gif](http://www.imagebam.com/image/56c39f49888580)

Seeing as this is my server, I didn’t restart it between edits believing that a hal restart was enough, is that my mistake?

Thanks :slight_smile:
Free Image Hosting by ImageBam.com

Seeing as this is my server, I didn’t restart it between edits believing that a hal restart was enough, is that my mistake?

Actually, I remember playing with the policies recently (openSUSE11, KDE4.2.4), and from memory, I found that I needed to restart the desktop (with a new session too) for the settings to take effect.

See if this makes a difference:

polkit-action --reset-defaults org.freedesktop.hal.storage.mount-removable

No, nothing, still the same :(.

Can you create another user, then login as that user, and see whether the problem persists?

This is frustrating. It only seems to happen to a few. I’ll see what else I can dig up…

Have a read of this thread

Re: [opensuse] Strange “PermissionDeniedByPolicy” Problem with 11.1

all the way through to the last post. This guy tried just about everything including this

Here. Just put this in /etc/PolicyKit/PolicyKit.conf, between <config
version=“0.1”> and </config> will solve both of you problems (just
replace “your user name or uid” with the real thing):

<match action=“org.freedesktop.hal.storage.mount-removable”>
<match user=“your user name or uid”>
<return result=“yes”/>
</match>
</match>
<match action=“org.freedesktop.hal.storage.unmount-others”>
<match user=“your user name or uid”>
<return result=“yes”/>
</match>
</match>
<match action="org.freedesktop.hal.power-management.hibernate ">
<match user=“your user name or uid”>
<return result=“yes”/>
</match>
</match>

In his last post, he seems to find the cause (with directory ownerships and problems with /etc/psswd). It didn’t make complete sense to me, but see what you can make of it.

Thanks for all your help and suggestions, I’ll play with it throughout the day.

It drives me nuts too, I reported a bug about this sort of thing in milestone 2 and 6, and it seems the devs have done some work and fixed internal partition mounting, external stuff seems to have been fixed already with 11.1 updates, but for some reason it’s not working on my server.

But sadly none of the work is backported :(.

I’ll report anything I find that helps.

As per the comments in the link you can change it with

sudo polkit-auth --grant org.freedesktop.hal.storage.mount-removable --user <user_name>
sudo polkit-auth --grant org.freedesktop.hal.storage.eject --user <user_name>

But before that what permissions do you have

polkit-auth --user $USER

But also a little clarity I don’t understand are you saying that it works ?

…I can mount my USB disk drive (encrypted LUKS partition) with Dolphin when used locally…

You seem to be tackling all kinds of stuff,
/usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy is defaults
/etc/dbus-1/system.d/hal.conf is hal.conf

In theory to override defaults you need /etc/hal/fdi/policy/n-*.fdi but iirc I also had some issues with Suse listening to my request. But I’m still not sure whether I understand the problem, if just a usbpen doesn’t, but usb drive with crypto does work. then try the couple of bits suggested. Next you do have some defaults that may cause no mounting in some things like hidden recovery partitions, certain labels etc just under volume.fsusage /usr/share/hal/fdi/policy/10osvendor/20-storage-methods.fdi

If you come back with what permissions your user does have, and any additional if trying to add it doesn’t work.

Edit
HAL - ArchWiki I find this the best wiki to get at the basics of hal using vanilla hal.

Also correction
/etc/dbus-1/system.d/hal.conf is also default system permissions
Where as /usr/share/hal/fdi/policy/* is per device(probably incorrect terminlogy)
The other way is to edit /etc/PolicyKit/PolicyKit.conf as per the wiki, for shutdown but iirc I tried this for a keyboard problem but had little joy.

Hello FM :slight_smile:

Looks like my user is only allowed to dial out!

polkit-auth --user fred --show-obtainable
org.opensuse.smpppd.connect

I tried that command (while under su) as simply polkit-auth --user fred and got nothing in return!

WOOHOO!!! Sussed it :smiley:

I did a search through Yast2 -> Software for any occurrences of the word policy.

That threw out the PolicyKit package (among other things). Closer examination of the package’s file list gave me a clue, it contains the file - /etc/PolicyKit/PolicyKit.conf.

I edited that file, and the default content (on my server) is only -

<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->

<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">

<!-- See the manual page PolicyKit.conf(5) for file format -->

<config version="0.1">
</config>

On reading that file, it says to consult the manual, and running man policykit.conf gave me some very useful info and ideas.

So I edited /etc/PolicyKit/PolicyKit.conf and added the following with my required username (in this example - fred) -

<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->

<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">

<!-- See the manual page PolicyKit.conf(5) for file format -->

<config version="0.1">

  <match action="org.freedesktop.hal.storage.mount-fixed">
   <match user="fred">
    <return result="yes"/>
   </match>
  </match>

  <match action="org.freedesktop.hal.storage.mount-removable">
   <match user="fred">
    <return result="yes"/>
   </match>
  </match>

</config>

…saved, restarted hal with /etc/init.d/haldaemon restart and hey presto, as if by magic - it WORKED!

I can now mount my USB stick’s FAT partitions simply by clicking on them through dolphin. This also works when I run dolphin remotely through an ssh connection.

My USB hard drive (containing the LUKS partition) still gives me the same error message (when trying to mount it through a remote dolphin, NOT a local one), but I assume that adding another section to /etc/PolicyKit/PolicyKit.conf especially for encrypted volumes will yield the same (fixed) result. I’ll try that next :).

This is exactly what I wanted, the root source of overriding HAL’s default settings! I can feel the beardos starting to froth at the mouth already for my blasphemy :D.

.

Glad you sussed it, I have this way in one distro for shutdown and suspend and use polkit-auth on Suse.

So both seem to achieve the same.

I suspect now they’ll show up for the user strange you couldn’t run it as user but I suspect it is an overzealous default.

I suspect your other rules will be based around
org.freedesktop.hal.storage.crypto-setup-fixed
org.freedesktop.hal.storage.crypto-setup-removable

Nice to see the progress @growbag. :slight_smile: That was one of the suggestions outlined in the link I gave you and quoted in post post #7. Although strangely, it did not appear to work for the OP in that situation. I have played with the polkit-auth commands a few times, vut they don’t seem to have any affect on my system, hence I didn’t bother mentioning them to you either.

lol, I must have skipped right over that one! The page format was a bit odd (for me) and I got lost somewhere in the responses! :D.

It did work exactly the same when I added entries for the encrypted filesystems too.

Thanks for all the help lads :).