Mailinglist Archive: opensuse (3513 mails)

< Previous Next >
Re: [opensuse] Strange "PermissionDeniedByPolicy" Problem with 11.1
  • From: Rainer Krienke <krienke@xxxxxxxxxxxxxx>
  • Date: Thu, 8 Jan 2009 14:17:19 +0100
  • Message-id: <200901081417.20959.krienke@xxxxxxxxxxxxxx>
Am Donnerstag, 8. Januar 2009 12:08:46 schrieb auxsvr@xxxxxxxxx:

For some reason (probably running SuSEconfig) policykit loses the
permission settings for removable storage. To fix it do "polkit-action
--reset-defaults org.freedesktop.hal.storage.mount-removable" as an
authorized user (root). If this doesn't work, maybe you should set
appropriately the setgid/setuid bits of the policykit executables and try
again, an error message should direct you accordingly.

Might really have something to do with SuSEConfig. In between I noticed that
right after the installation everything is OK. Then I ran SuSEconfig, still
everything was ok. Next I rebooted the very first time and after this reboot
the problem shows up.

polkit-action --reset-defaults for mount-removable action did not help either.
Still plokit-auth run as a regular user logged in using KDE3 oder KDE4 shows
no output and accessing an USB stick does not work.

In opensuse 11 the permissions for the policykit executables were
incorrectly set for the secure permissions level. Check bug
https://bugzilla.novell.com/show_bug.cgi?id=295341 (it's marked as WONTFIX,
however 11.1 includes the fix?!)

To check this I compared the permissions of

/usr/lib/PolicyKit/polkit-set-default-helper polkituser:root 4755
/usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 2755
/usr/lib/PolicyKit/polkit-revoke-helper root:polkituser 2755
/usr/lib/PolicyKit/polkit-explicit-grant-helper root:polkituser 2755
/usr/lib/PolicyKit/polkit-grant-helper root:polkituser 2755
/usr/lib/PolicyKit/polkit-grant-helper-pam root:polkituser 4750

with the corresponding files on the system that does not have this problem. I
did not see a difference. All the files above have also entries in
/etc/permissions.easy (the above is a copy so you see the permissions beeing
set) and the security scheme is set to "easy local" and chkstat
/etc/permissions.easy does not show any output, so there are no files having
wrong" permissions. /etc/permissions.local is empty.

What else could I try?

Thanks
Rainer
--
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
56070 Koblenz, http://www.uni-koblenz.de/~krienke, Tel: +49261287 1312
PGP: http://www.uni-koblenz.de/~krienke/mypgp.html,Fax: +49261287 1001312

< Previous Next >