Comment 16 for bug 231246

rishab (rg-ubuntu) wrote :

sebastien bacher wrote:

> could you run "polkit-auth --show-obtainable" and "ck-list-sessions" and copy the logs to the bug?

ok, i ran it with the default /etc/PolicyKit/PolicyKit.conf file...
[....header comments.....]

<!-- See the manual page PolicyKit.conf(5) for file format -->

<config version="0.1">
    <match user="root">
        <return result="yes"/>
    </match>
</config>

$ polkit-auth --show-obtainable
org.gnome.clockapplet.mechanism.settimezone
org.freedesktop.policykit.read
org.freedesktop.policykit.revoke
org.freedesktop.hal.power-management.shutdown-multiple-sessions
org.freedesktop.hal.power-management.reboot-multiple-sessions
org.freedesktop.hal.storage.mount-fixed
org.freedesktop.hal.storage.unmount-others
org.freedesktop.hal.storage.crypto-setup-fixed

$ ck-list-sessions
Session1:
 uid = '1000'
 realname = 'Rishab Aiyer Ghosh,,,'
 seat = 'Seat1'
 session-type = ''
 active = TRUE
 x11-display = ':0'
 x11-display-device = '/dev/tty7'
 display-device = ''
 remote-host-name = ''
 is-local = TRUE
 on-since = '2008-06-08T22:27:08Z'

i did this after i'd tried to enable various things from polkit-gnome-authorization, by explicitly granting my user rights. i had to run polkit-gnome-authorization using sudo, or i couldn't change anything at all... not that anything _should_ have required changing, since most things, including time change, manage system configuration, were already set to implicit authorization for admin authentication. "mount file systems from removable devices" was also already set to implicit Yes for the active console without requiring authentication. anyway, adding myself explicitly to the authorize list made no difference. note that it says hal mount-fixed is obtainable not mount-removable, which is presumably already allowed.

if i try to change /etc/PolicyKit/PolicyKit.conf to explicitly authorize me (user rishab) and also the hal mount-removable:
<!-- See the manual page PolicyKit.conf(5) for file format -->

<config version="0.1">
    <match user="root|rishab">
        <return result="yes"/>
    </match>
    <define_admin_auth group="admin"/>
    <match action="org.freedesktop.hal.storage.mount-removable">
        <return result="yes"/>
    </match>
</config>

now, "polkit-auth --show-obtainable" does nothing, presumably because everything is allowed.

i can now edit the wifi configuration, set date etc with no authentication, which is not really a safe situation. so i'll probably go back to the previous PolicyKit.conf, especially since even with this change hal still doesn't auto-mount (the drives show up in dmesg fine).

i also saw somewhere (not sure where, this polkit/hal problem seems to have been going on in many threads) a suggestion to add to hal.conf:
  <policy group="plugdev">
    <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
  </policy>

i couldn't see the point of it since the hal.conf default context already allows these actions, but added it anyway, to no effect.
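
Added example, not part of the original comment and not PolicyKit's own code: a small auditor that walks a PolicyKit.conf and lists every unconditional "yes" that is not limited to root, run here over the two configurations quoted above. The function names are hypothetical, and it assumes only the `match` (with `user` or `action`) and `return` elements need handling.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs: the two PolicyKit.conf bodies quoted in the comment above.
DEFAULT_CONF = """<config version="0.1">
    <match user="root">
        <return result="yes"/>
    </match>
</config>"""

MODIFIED_CONF = """<config version="0.1">
    <match user="root|rishab">
        <return result="yes"/>
    </match>
    <define_admin_auth group="admin"/>
    <match action="org.freedesktop.hal.storage.mount-removable">
        <return result="yes"/>
    </match>
</config>"""


def literal_users(pattern):
    """Return the names in a plain 'a|b' alternation, or None for any other regex."""
    names = pattern.split("|")
    ok = all(re.fullmatch(r"[A-Za-z0-9_-]+", n) for n in names)
    return names if ok else None


def audit(conf_text):
    """List (kind, subject, action) for every unconditional 'yes' not limited to root."""
    findings = []

    def walk(node, users, action):
        for child in node:
            if child.tag == "match":  # matches may nest; inner attributes narrow the scope
                walk(child, child.get("user", users), child.get("action", action))
            elif child.tag == "return" and child.get("result") == "yes":
                names = literal_users(users) if users is not None else None
                if users is None:
                    findings.append(("yes-for-any-user", "*", action))
                elif names is None:  # not a plain name list: needs manual review
                    findings.append(("yes-for-user-regex", users, action))
                else:
                    findings.extend(("yes-for-user", n, action) for n in names if n != "root")

    walk(ET.fromstring(conf_text), None, None)
    return findings


if __name__ == "__main__":
    for kind, subject, action in audit(MODIFIED_CONF):
        print(f"{kind}: subject={subject} action={action or 'ALL ACTIONS'}")
```

An action of `None` in a finding means the grant is not scoped to any action, which is the case that let the wifi and date settings be changed without authentication.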