You are not logged in.
Hi, I just finished to migrate my system to a pure systemd setup. Everithing seems to work fine, except that Dolphin can't mount NTFS partitions anymore, as it was able to do before. I'm not 100% sure that systemd is the culprit, but nevertheless it is a big change in my system so I assume that it may be the problem.
Trying to mount with Dolphin I get this error message:
An error occurred while accessing 'sATA-a', the system responded: The requested operation has failed.: Error mounting: mount exited with exit code 1: helper failed with:
Error opening '/dev/sdb1': Permesso negato
Failed to mount '/dev/sdb1': Permesso negato
Please check '/dev/sdb1' and the ntfs-3g binary permissions,
and the mounting user ID. More explanation is provided at
http://tuxera.com/community/ntfs-3g-faq/#unprivileged
I used to get this kind of error aeons ago when trying to mount from CL; puzzling enough, mounting from CL now works:
$ mount /media/disks/sATA-a
$ ls /media/disks/sATA-a
Documenti Download $RECYCLE.BIN RECYCLER sATA-b System Volume Information Temp Video
This is the relevant entry in my fstab (I don't know if Dolphin cares about it...):
#sATA-a
UUID=D6789B21789B0003 /media/disks/sATA-a ntfs-3g noauto,users 0 0
And finally:
$ ll `which ntfs-3g`
-rwsr-xr-x 1 root root 125K 21 apr 12.13 /bin/ntfs-3g
Can anybody give me a hint? Thanks.
Offline
How are you starting KDE? If you're not using KDM or another Display Manager, see if this link helps: http://blog.falconindy.com/articles/bac … stemd.html
Offline
I'm using kdm in the systemd way:
sudo systemctl enable kdm
edit: thanks Scimmia for the link, I already saw that blog post from falconindy before posting here, but I don't think it is the solution to my problem.
Last edited by snack (2012-10-20 13:54:50)
Offline
If you are using kdm, it is not. What if you do
$ xinit /usr/bin/startkde -- vt1
Does it work then? Of course, do this from vt1.
Offline
I have made a personal commitment not to reply in topics that start with a lowercase letter. Proper grammar and punctuation is a sign of respect, and if you do not show any, you will NOT receive any help (at least not from me).
Offline
@WonderWoofy: I switched to runlevel 3 with "sudo systemctl isolate runlevel3.target", then startex KDE as you suggested. It still doesn't work.
@DSpider: thanks for the suggestion, I created both 50-filesystem-mount-system-internal.pkla and 10-udisks.pkla, but it still doesn't work. Do I have to do something like rebooting or closing and reopening KDE to finish the fix procedure?
Offline
Reboot, yes.
# nano /etc/polkit-1/localauthority/50-local.d/10-udisks.pkla
[Local Users]
Identity=unix-group:users
Action=org.freedesktop.udisks.*
ResultAny=yes
ResultInactive=yes
ResultActive=yes
I have made a personal commitment not to reply in topics that start with a lowercase letter. Proper grammar and punctuation is a sign of respect, and if you do not show any, you will NOT receive any help (at least not from me).
Offline
Rebooted in graphical mode with login via KDM. Dolphin still not working, mount in CL is fine as usual.
$ sudo cat /etc/polkit-1/localauthority/50-local.d/10-udisks.pkla
[Local Users]
Identity=unix-group:users
Action=org.freedesktop.udisks.*
ResultAny=yes
ResultInactive=yes
ResultActive=yes
$ pacman -Qs udisks
local/udisks 1.0.4-5
Disk Management Service
$ groups
disk lp wheel uucp video audio optical storage users nicola
Small (and maybe useless) info: users is not my main group, but it isn't an issue, right?
Last edited by snack (2012-10-20 14:42:35)
Offline
I don't think the order which the groups command prints has any significance in regard to the main group or not. Mine shows users as last.
Edit: I think that if you were to touch a new file, the gid of that new file would be your main group.
Last edited by WonderWoofy (2012-10-20 14:44:16)
Offline
Maybe this can be useful (?):
$ sudo systemctl status udisks
udisks.service - UDisks
Loaded: loaded (/usr/lib/systemd/system/udisks.service; enabled)
Active: active (running) since Sat, 20 Oct 2012 16:36:48 +0200; 7min ago
Main PID: 472 (udisks-daemon)
CGroup: name=systemd:/system/udisks.service
├ 472 /usr/lib/udisks/udisks-daemon
└ 478 udisks-daemon: not polling any devices
Oct 20 16:43:53 conan udisks-daemon[472]: helper(pid 1024): completed with exit code 1
Oct 20 16:43:53 conan udisks-daemon[472]: **** EMITTING JOB-CHANGED for /sys/devices/pci0000:00/0000:00:0f.0/ata3/host2/target2:0:0/2:0:0:0/block/sdb/sdb1
Oct 20 16:43:59 conan udisks-daemon[472]: **** EMITTING JOB-CHANGED for /sys/devices/pci0000:00/0000:00:0f.0/ata3/host2/target2:0:0/2:0:0:0/block/sdb/sdb1
Oct 20 16:43:59 conan udisks-daemon[472]: helper(pid 1038): launched job udisks-helper-fstab-mounter on /dev/sdb1
Oct 20 16:43:59 conan udisks-daemon[472]: helper(pid 1038): completed with exit code 1
Oct 20 16:43:59 conan udisks-daemon[472]: **** EMITTING JOB-CHANGED for /sys/devices/pci0000:00/0000:00:0f.0/ata3/host2/target2:0:0/2:0:0:0/block/sdb/sdb1
Oct 20 16:44:37 conan udisks-daemon[472]: **** EMITTING JOB-CHANGED for /sys/devices/pci0000:00/0000:00:0f.0/ata3/host2/target2:0:0/2:0:0:0/block/sdb/sdb1
Oct 20 16:44:37 conan udisks-daemon[472]: helper(pid 1470): launched job udisks-helper-fstab-mounter on /dev/sdb1
Oct 20 16:44:37 conan udisks-daemon[472]: helper(pid 1470): completed with exit code 1
Oct 20 16:44:37 conan udisks-daemon[472]: **** EMITTING JOB-CHANGED for /sys/devices/pci0000:00/0000:00:0f.0/ata3/host2/target2:0:0/2:0:0:0/block/sdb/sdb1
Offline
I don't think the order which the groups command prints has any significance in regard to the main group or not. Mine shows users as last.
Edit: I think that if you were to touch a new file, the gid of that new file would be your main group.
I think you're right. Anyway my concern was about the polkit policy suggested by DSpider enabling mount for members of users group, while users isn't my main group. But I think it should work anyway.
Offline
Yeah, I knew this wasn't the main concern, but you know you can simply change that group to whatever you please. I think I set mine up as wheel for internal drives a while back. I don't use udisks anymore though... I just do it manually.
Offline
According to this (pretty old) bug report, the culprit is the corresponding entry in fstab, and indeed by removing it and adding the 10-udisks.pkla rule as suggested by DSpider Dolphin can mount the disk. Letting alone the reason why before the upgrade to systemd Dolphin worked smoothly without any 10-udisks.pkla policy or having to comment out anything in fstab, I wonder if it is possible to make udisks (and Dolphin) work without having to destroy my fstab (since it is very useful to have an fstab entry when I connect to my machine via ssh)...
Offline
OK, the mess is growing up. Today I switched my laptop to systemd, and the mount problem has appeared on this system as well. So I am confident that this is a systemd-related issue, and maybe some stock Arch config file is broken. I have this entry on my /etc/fstab for the ntfs-3g drive:
UUID=88705BA9705B9D2E /media/vista ntfs-3g noauto,users,exec 0 0
I compiled ntfs-3g with internal fuse support and did the setuid trick:
$ ls -l `which ntfs-3g`
-rwsr-xr-x 1 root root 125K 16 apr 2012 /bin/ntfs-3g
I can mount the disk using the command:
$ mount /media/vista/
$
It works flawlessly, so ntfs-3g works. If I try to mount it with udisks I get:
$ /usr/bin/udisks --mount /dev/sda2 --mount-options users,exec
Mount failed: Error mounting: mount exited with exit code 1: helper failed with:
Error opening '/dev/sda2': Permesso negato
Failed to mount '/dev/sda2': Permesso negato
Please check '/dev/sda2' and the ntfs-3g binary permissions,
and the mounting user ID. More explanation is provided at
http://tuxera.com/community/ntfs-3g-faq/#unprivileged
It sounds to me that udisks is trying to mount the disk as a different user, but I'm not an expert so I might be wrong. If I remove the entry in /etc/fstab then udisks will ask for the password. Repeating the same steps but for an ext3 partition, I am able to mount with udisks when there is a proper fstab entry, and I'm asked for a password when that entry is commented out.
Based on these findings, I strongly suspect that there is some problem with logind configuration in my system. I have been going round and round for hours, serching the web and the wiki (which BTW is in a very bad shape, containing outdated or no informations about mount policies in the polkit and udev sections), and now I feel I need some help to go through it... thanks.
Offline
I tried to open a bug report:
https://bugs.archlinux.org/task/32466#comment101845
which has been promptly closed as "not a bug" without anybody caring about the fact that everything worked perfectly with sysvinit. Together with the suggestion to write a polkit rule and not use fstab for such kind of things. Next time I'll avoid to loose my time opening a bug report...
Offline
I found that the problem is due to a bug in how udisks sets the group informations. Applying the patch described in comment 2 of:
https://bugs.freedesktop.org/show_bug.cgi?id=25792
everything works as expected. I asked to reopen the bug report mentioned in my previous post, to ask the udisks maintainer to apply the patch to the Arch package.
Edit: I would still love to understand why there was no problem with sysvinit... but I think I'll never know.
Last edited by snack (2012-11-17 22:30:05)
Offline
Well, I found in the wiki a temp solution to this problem without patching....
https://wiki.archlinux.org/index.php/PolicyKit
Add this to /etc/polkit-1/rules.d/10-udisks2.rules and get rid of the line in /etc/fstab
// Allow udisks2 to mount devices without authentication
// for users in the "storage" group.
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
action.id == "org.freedesktop.udisks2.filesystem-mount") &&
subject.isInGroup("storage")) {
return polkit.Result.YES;
}
});
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.udisks.filesystem-mount-system-internal") &&
subject.isInGroup("storage")) {
return polkit.Result.YES;
}
});
Any society that would give up a little liberty to gain a little security will deserve neither and lose both.
-Benjamin Franklin
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.
-George Bernard Shaw
Offline
here’s the code in a bit easier. it should really be available at a more accessible position, as it is the only thing allowing e.g. KDE’s automount settings to work.
// Allow udisks2 to mount devices without authentication
// for users in the "storage" group.
polkit.addRule(function(action, subject) {
if ((
action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
action.id == "org.freedesktop.udisks2.filesystem-mount" ||
action.id == "org.freedesktop.udisks.filesystem-mount-system-internal"
) && subject.isInGroup("storage"))
return polkit.Result.YES
})
Offline