Mailinglist Archive: opensuse-factory (1135 mails)

< Previous Next >
Re: [opensuse-factory] Adding udisks2 polkit privileges
On Mon, Jun 04, 2012 at 10:33:06AM +0400, Ilya Chernykh wrote:
On Sunday 03 June 2012 22:04:20 Marcus Meissner wrote:


I hope Vincent can clarify this.

I want to add the following polkit rules in 12.2 kdebase3 package which
are needed for its new Udisks2 backend
written by Serghei Amelian recently:


Can I add this rules file to my package?


You should have figured out that "Yes" means that all users are allowed
to do all udisks2 actions, which include all kind of fstab modifcations.

And that this basically means full root access for all users.

So it is not allowed.

Or this is already implemented in 12.2?


Without these rules the backend does not work properly.

The standard file should work, if you have working console management
(I think it should be there if you use gdm or kdm4 or xdm).

Do you have a policy kit agent for kde3, or can you use either the
kde4 or gnome one? (cross check what xfce does)

Then your policy change is not required.

Does use of policy kit agent mean that upon mounting an USB drive or a CD
the user should be asked a root password?


This is not what is desired. The intent is to make them auto-mount.

To make it work correctly, you need first ConsoleKit session setup support,
and the policykit agent is for when the root password is needed.

If your desktop is correctly marking its console sessions, via the ConsoleKit
framework, then no, there is no permission required to mount USB disks or CDs.

The ConsoleKit handling is the responsibility of either the display
manager (xdm, kdm4, gdm have support for it) or can be explicitly set
in the PAM snippet of your service.

You can check if this is done by doing:

$ ck-list-sessions

which should print something like:

unix-user = '1000'
realname = 'Marcus Meissner'
seat = 'Seat1'
session-type = ''
active = TRUE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2012-06-04T04:44:46.209182Z'
login-session-id = '4294967295'

Ciao, Marcus
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups