I have a strange permissions event occurring here. Running 11.2/KDE4. When
I plug in a USB drive and try to open it with dolphin I get a pop-up telling
me I don’t have permission to open the device, asking for root pw. If I
tell it to “Ignore”, dophin proceeds to open and I have full rw access to
the drive. What permission/group setting do I need to modify to get rid of
that annoying - seemingly meaningless - pop up? Seems silly to ask for root
pw then give access after the “ignore” selection.
Doesn’t matter - I’ve got some devices with NTFS, a couple with HPFS, and at
least one with EXT3 formats on them but most are stock FAT32 format. Same
fire drill.
Sounds like a hal/PolicyKit problem. Here is my /usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<!--
Policy definitions for HAL's drives/media mechanims.
Copyright (c) 2007 David Zeuthen <david@fubar.dk>
HAL is licensed to you under your choice of the the Academic Free
License Version 2.1, or the GNU General Public License version 2. Some
individual source files may be under the GPL only. See COPYING for
details.
-->
<policyconfig>
<action id="org.freedesktop.hal.storage.mount-fixed">
<description>Mount file systems from internal drives.</description>
<message>System policy prevents mounting internal media</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep_always</allow_active>
</defaults>
</action>
<action id="org.freedesktop.hal.storage.mount-removable">
<description>Mount file systems from removable drives.</description>
<message>System policy prevents mounting removable media</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="org.freedesktop.hal.storage.unmount-others">
<description>Unmount file systems mounted by other users.</description>
<message>System policy prevents unmounting media mounted by other users</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep_always</allow_active>
</defaults>
</action>
<action id="org.freedesktop.hal.storage.eject">
<description>Eject removable media.</description>
<message>System policy prevents ejecting removable media</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="org.freedesktop.hal.storage.crypto-setup-fixed">
<description>Set up decryption for encrypted fixed storage devices.</description>
<message>System policy prevents accessing encrypted fixed media</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep_always</allow_active>
</defaults>
</action>
<action id="org.freedesktop.hal.storage.crypto-setup-removable">
<description>Set up decryption for encrypted removable storage devices.</description>
<message>System policy prevents accessing encrypted removable media</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
</policyconfig>
That should allow you to mount/unmount anything within your active session with no password.
>
> Sounds like a hal/PolicyKit problem. Here is my
> /usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy:
>
>
> Code:
> --------------------
> <?xml version=“1.0” encoding=“UTF-8”?>
> <!DOCTYPE policyconfig PUBLIC
> “-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN”
> “http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd”>
>
> <!–
> Policy definitions for HAL’s drives/media mechanims.
>
> Copyright (c) 2007 David Zeuthen <david@fubar.dk>
>
> HAL is licensed to you under your choice of the the Academic Free
> License Version 2.1, or the GNU General Public License version 2. Some
> individual source files may be under the GPL only. See COPYING for
> details.
> →
>
> <policyconfig>
>
> <action id=“org.freedesktop.hal.storage.mount-fixed”>
> <description>Mount file systems from internal drives.</description>
> <message>System policy prevents mounting internal media</message>
> <defaults>
> <allow_inactive>no</allow_inactive>
> <allow_active>auth_admin_keep_always</allow_active>
> </defaults>
> </action>
>
> <action id=“org.freedesktop.hal.storage.mount-removable”>
> <description>Mount file systems from removable drives.</description>
> <message>System policy prevents mounting removable media</message>
> <defaults>
> <allow_inactive>no</allow_inactive>
> <allow_active>yes</allow_active>
> </defaults>
> </action>
>
> <action id=“org.freedesktop.hal.storage.unmount-others”>
> <description>Unmount file systems mounted by other users.</description>
> <message>System policy prevents unmounting media mounted by other
> users</message> <defaults>
> <allow_inactive>no</allow_inactive>
> <allow_active>auth_admin_keep_always</allow_active>
> </defaults>
> </action>
>
> <action id=“org.freedesktop.hal.storage.eject”>
> <description>Eject removable media.</description>
> <message>System policy prevents ejecting removable media</message>
> <defaults>
> <allow_inactive>no</allow_inactive>
> <allow_active>yes</allow_active>
> </defaults>
> </action>
>
> <action id=“org.freedesktop.hal.storage.crypto-setup-fixed”>
> <description>Set up decryption for encrypted fixed storage
> devices.</description> <message>System policy prevents accessing
> encrypted fixed media</message> <defaults>
> <allow_inactive>no</allow_inactive>
> <allow_active>auth_admin_keep_always</allow_active>
> </defaults>
> </action>
>
> <action id=“org.freedesktop.hal.storage.crypto-setup-removable”>
> <description>Set up decryption for encrypted removable storage
> devices.</description> <message>System policy prevents accessing
> encrypted removable media</message> <defaults>
> <allow_inactive>no</allow_inactive>
> <allow_active>yes</allow_active>
> </defaults>
> </action>
>
> </policyconfig>
>
> --------------------
>
>
> That should allow you to mount/unmount anything within your active
> session with no password.
That solved the immediate problem. The only place I saw this was when
swapping USB sticks. I’m still looking at implications of the passwordless
mount with multiple users, some of whom I don’t want to be able to have any
more freedom than necessary.