LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 04-14-2011, 11:11 AM   #1
rrije
Member
 
Registered: Jul 2010
Distribution: openSUSE 11.4
Posts: 32

Rep: Reputation: Disabled
PolicyKit / polkit in openSUSE : problem with configuration files


Hi,

after a recent update my policykit permissions stopped working, and I can't understand why.
An example: mounting a flash drive requires password, hinting on org.freedesktop.udisks.filesystem-mount. /usr/share/polkit-1/actions/org.freedesktop.udisks.policy has the following:
Code:
<action id="org.freedesktop.udisks.filesystem-mount">
    <description>Mount a device</description>
    <message>Authentication is required to mount the device</message>
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
It is correct, right? So WTF prevents the policy from working? Is there some other config file which takes precedence?

Same thing happens when rebooting / shutting down, etc.

There is also this confusing thing about polkit-1 and "old" PolicyKit, but as far as I can tell, they manage different actions and shouldn't be the source of the problem.

What can be the source of the problem? Thanks in advance.
 
Old 04-15-2011, 07:51 AM   #2
andrewthomas
Senior Member
 
Registered: May 2010
Location: Chicago Metro
Distribution: Arch, Gentoo, Slackware
Posts: 1,690

Rep: Reputation: 307Reputation: 307Reputation: 307Reputation: 307
You really shouldn't edit anything in /usr/share/polkit-1, since it will be overwritten on updates.

What you need to do is add a /etc/polkit-1/localauthority.conf.d/60-localauthority.conf file with
Code:
[Configuration]
AdminIdentities=unix-group:wheel
if you want to grant the rights to an entire group, wheel in this case or
Code:
[Configuration]
AdminIdentities=unix-user:username
to grant rights to a specific user
and then an /etc/polkit-1/localauthority/50-local.d/my-polkit-udisks.pkla file containing
Code:
[udisks full access]
Identity=unix-group:wheel[/B]
Action=org.freedesktop.udisks.*
ResultActive=yes

[Change CPU Frequency scaling]
Identity=unix-group:wheel
Action=org.gnome.cpufreqselector
ResultActive=yes
or for your user
Code:
[udisks full access]
Identity=unix-user:username
Action=org.freedesktop.udisks.*
ResultActive=yes

[Change CPU Frequency scaling]
Identity=unix-user:username
Action=org.gnome.cpufreqselector
ResultActive=yes
allowing any rules thay you want
 
Old 04-17-2011, 07:19 AM   #3
rrije
Member
 
Registered: Jul 2010
Distribution: openSUSE 11.4
Posts: 32

Original Poster
Rep: Reputation: Disabled
Thanks for the reply,

I've created /etc/polkit-1/localauthority dir, copied /var/lib/polkit-1/localauthority/10-vendor.d there (to have a reference) and created /etc/polkit-1/localauthority/50-local.d, where I put two files: /etc/polkit-1/localauthority/50-local.d/org.freedesktop.hal.power-management.pkla and /etc/polkit-1/localauthority/50-local.d/org.freedesktop.udisks.pkla, containing the following:
Code:
[power management]
Identity=unix-group:*
Action=org.freedesktop.hal.power-management.*
ResultActive=yes
Code:
[org.freedesktop.udisks.filesystem-mount]
Identity=unix-group:*
Action=org.freedesktop.udisks.*
ResultActive=yes
It didn't help. Trying to reboot still gives this warning on the bottom of the menu: org.freedesktop.hal.power-management.reboot auth_admin_keep_always <-- (action, result). Trying to suspend or hibernate shows an authentication prompt for a second, then screensaver kicks in and locks the screen.
Same with removable media: no automount, mounting requires root, and now devices don't even show in thunar's sidebar (it used to draw them half-transparent, so you could click and mount them automatically).

I looked through the .pkla files and have not found any entries that have "auth_admin_keep_always" string. Neither is it present in /usr/share/polkit-1/action policies, which makes me wonder if there are still some other config files overriding customized policies… according to pklocalauthority manual this shouldn't be the case.

Last edited by rrije; 04-17-2011 at 07:20 AM. Reason: spellcheck
 
Old 04-17-2011, 07:47 AM   #4
andrewthomas
Senior Member
 
Registered: May 2010
Location: Chicago Metro
Distribution: Arch, Gentoo, Slackware
Posts: 1,690

Rep: Reputation: 307Reputation: 307Reputation: 307Reputation: 307
Quote:
Originally Posted by andrewthomas View Post
You really shouldn't edit anything in /usr/share/polkit-1, since it will be overwritten on updates.

What you need to do is add a /etc/polkit-1/localauthority.conf.d/60-localauthority.conf file with
Code:
[Configuration]
AdminIdentities=unix-group:wheel
if you want to grant the rights to an entire group, wheel in this case or
Code:
[Configuration]
AdminIdentities=unix-user:username
to grant rights to a specific user
Did you set AdminIdentities in /etc/polkit-1/localauthority.conf.d/60-localauthority.conf?
 
Old 04-17-2011, 03:53 PM   #5
rrije
Member
 
Registered: Jul 2010
Distribution: openSUSE 11.4
Posts: 32

Original Poster
Rep: Reputation: Disabled
Yes, these are the lines inside /etc/polkit-1/localauthority.conf.d/60-localauthority.conf:
Code:
[Configuration]
AdminIdentities=unix-user:rrije
Doesn't help.
 
Old 04-23-2011, 09:33 PM   #6
andrewthomas
Senior Member
 
Registered: May 2010
Location: Chicago Metro
Distribution: Arch, Gentoo, Slackware
Posts: 1,690

Rep: Reputation: 307Reputation: 307Reputation: 307Reputation: 307
Quote:
Originally Posted by rrije View Post
I looked through the .pkla files and have not found any entries that have "auth_admin_keep_always" string. Neither is it present in /usr/share/polkit-1/action policies, which makes me wonder if there are still some other config files overriding customized policies… according to pklocalauthority manual this shouldn't be the case.
You could look for a overriding file in /etc/polkit-1/localauthority.
It would have to be >50 to override. For example any file in 90-mandatory.d ( if you have it.)

Otherwise I can't see why this is not working, although I do not have hal on my systems any more.
Try using an actual group name instead of *, maybe power.

Last edited by andrewthomas; 05-13-2011 at 09:57 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
polkit-kde-authentication-agent-1 segfaults on Leave->Turn off computer jamesf Slackware 2 12-19-2010 01:54 PM
Problem printing pdf files (okular 0.8.4 KDE 4.2.4) on openSuse 11.1 Kapten Beard Linux - Newbie 3 02-04-2010 08:06 AM
LXer: KDE extends Polkit support to polkit-1 LXer Syndicated Linux News 0 12-26-2009 12:00 PM
cannot save iptables configuration on opensuse 10.3 I have a server running opensuse lorry Linux - Newbie 2 09-26-2008 11:58 AM
PolicyKit and Hal problem TongueTied Linux - Software 1 01-19-2007 08:26 PM


All times are GMT -5. The time now is 09:30 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration