
#1 2013-03-10 01:26:12

John0000
Member
Registered: 2012-04-12
Posts: 40

[SOLVED] LUKS file container permissions with thunar

Hi,
I'm trying to get permission in thunar to mount a LUKS container (a file, not a device).

I have already installed gvfs, gvfs-afc, gvfs-gphoto2, thunar-volman, and I'm in the storage group. My ~/.xinitrc simply has "exec startxfce4". Any device I plug in is recognized and mounted without problems.

I know there are tons of topics about permissions; I've looked through all 3 pages of results I had, with no luck.

To create a container I did (e.g.):

dd if=/dev/random of=LUKScontainer count=1 bs=50M
sudo cryptsetup -c aes-cbc-essiv:sha256 -s 256 -v luksFormat LUKScontainer
sudo cryptsetup luksOpen LUKScontainer LUKScontainerOpened
sudo mkfs.ext4 /dev/mapper/LUKScontainerOpened

At this point, the container appears in thunar the same way my LUKS hard drives appear, but when I click to mount it, it says "Not authorized to perform operation".

I've looked into polkit, udev... but those seem quite complicated and I'm not sure they are responsible for this permission problem.
Does anyone know what I should look for? Help appreciated.

Last edited by John0000 (2013-03-10 14:33:21)

Offline

#2 2013-03-10 03:24:31

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: [SOLVED] LUKS file container permissions with thunar

I'm really not sure about this, as my experience with LUKS is limited.  But I imagine that it is not able to mount something that it cannot decrypt, so what is it you are expecting to happen here?  Do you want a dialog to pop up asking you for a key?  Do you just want to be able to mount it in general?  Have you put the device into your crypttab?  Do bears wear shoes?

Offline

#3 2013-03-10 07:29:53

siriusb
Member
From: Hungary
Registered: 2010-01-01
Posts: 422

Re: [SOLVED] LUKS file container permissions with thunar

You may have no appropriate permission to mount. Try mounting manually as root. If it works you can edit your polkit rules.

Offline

#4 2013-03-10 13:37:59

John0000
Member
Registered: 2012-04-12
Posts: 40

Re: [SOLVED] LUKS file container permissions with thunar

Thanks for your answers.
@WonderWoofy
I expect it to do the same as it does with an encrypted device, prompting for a password. As I said in my original post, it is not a device but a file that I try to mount in thunar. External USB hard drives, USB keys, digital cameras... as well as internal hard drives are mounting without problems.

@siriusb
I can indeed mount it manually as root in a terminal. I'll look into the polkit wiki.

Last edited by John0000 (2013-03-10 13:41:50)

Offline

#5 2013-03-10 14:33:04

John0000
Member
Registered: 2012-04-12
Posts: 40

Re: [SOLVED] LUKS file container permissions with thunar

Well, I made some progress.

I created the following file /etc/polkit-1/rules.d/10-udisks2.rules:

polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system") && subject.isInGroup("storage")) {
        return polkit.Result.YES;
    }
});

Now I get the following error when I try to unmount the file:

GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation.

I tried the following commands (those with unmount, eject...):

$ pkaction --verbose org.freedesktop.udisks2 | grep udisks2
org.freedesktop.udisks2.ata-check-power:
org.freedesktop.udisks2.ata-secure-erase:
org.freedesktop.udisks2.ata-smart-selftest:
org.freedesktop.udisks2.ata-smart-simulate:
org.freedesktop.udisks2.ata-smart-update:
org.freedesktop.udisks2.ata-standby:
org.freedesktop.udisks2.ata-standby-other-seat:
org.freedesktop.udisks2.ata-standby-system:
org.freedesktop.udisks2.cancel-job:
org.freedesktop.udisks2.cancel-job-other-user:
org.freedesktop.udisks2.eject-media:
org.freedesktop.udisks2.eject-media-other-seat:
org.freedesktop.udisks2.eject-media-system:
org.freedesktop.udisks2.encrypted-change-passphrase:
org.freedesktop.udisks2.encrypted-change-passphrase-system:
org.freedesktop.udisks2.encrypted-lock-others:
org.freedesktop.udisks2.encrypted-unlock:
org.freedesktop.udisks2.encrypted-unlock-crypttab:
org.freedesktop.udisks2.encrypted-unlock-other-seat:
org.freedesktop.udisks2.encrypted-unlock-system:
org.freedesktop.udisks2.filesystem-fstab:
org.freedesktop.udisks2.filesystem-mount:
org.freedesktop.udisks2.filesystem-mount-other-seat:
org.freedesktop.udisks2.filesystem-mount-system:
org.freedesktop.udisks2.filesystem-unmount-others:
org.freedesktop.udisks2.loop-delete-others:
org.freedesktop.udisks2.loop-modify-others:
org.freedesktop.udisks2.loop-setup:
org.freedesktop.udisks2.manage-swapspace:
org.freedesktop.udisks2.modify-device:
org.freedesktop.udisks2.modify-device-other-seat:
org.freedesktop.udisks2.modify-device-system:
org.freedesktop.udisks2.modify-drive-settings:
org.freedesktop.udisks2.modify-system-configuration:
org.freedesktop.udisks2.open-device:
org.freedesktop.udisks2.open-device-system:
org.freedesktop.udisks2.read-system-configuration-secrets:
org.freedesktop.udisks2.rescan:

but without success yet.

I'm still marking the subject as resolved since I can mount them in thunar now.

Offline

#6 2013-03-10 16:27:18

siriusb
Member
From: Hungary
Registered: 2010-01-01
Posts: 422

Re: [SOLVED] LUKS file container permissions with thunar

This may help you:

/etc/polkit-1/localauthority/50-local.d #  cat 50-filesystem-mount-system-internal.pkla 
[Mount a system-internal device]
Identity=unix-group:storage
Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system
ResultActive=yes

Check whether you are a member of the storage group.

Offline
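The rule from post #5 extended with the two actions and the ResultActive=yes scope of the .pkla in post #6, written as a polkit JavaScript rule. This is an added example, not code from any poster; the names `GRANTED_ACTIONS` and `decide` are assumptions of this example, and the logging branch is there to surface the action id behind a denial such as the unmount error above.

```javascript
// /etc/polkit-1/rules.d/10-udisks2.rules (same path as in post #5)
// Action ids taken from the .pkla in post #6.
var GRANTED_ACTIONS = [
    "org.freedesktop.udisks2.filesystem-mount-system",
    "org.freedesktop.udisks2.encrypted-unlock-system"
];

// Pure decision function so the logic can be exercised outside polkitd.
// Returns "YES" or "NOT_HANDLED" (names of polkit.Result members).
function decide(actionId, subject) {
    if (GRANTED_ACTIONS.indexOf(actionId) === -1) {
        return "NOT_HANDLED";
    }
    // Equivalent of ResultActive=yes: only an active session on a local seat,
    // and only for members of the storage group.
    if (subject.local && subject.active && subject.isInGroup("storage")) {
        return "YES";
    }
    return "NOT_HANDLED";
}

// Register only when running inside polkitd, where the global `polkit` exists.
if (typeof polkit !== "undefined") {
    polkit.addRule(function (action, subject) {
        var result = decide(action.id, subject);
        // Log udisks2 requests this rule does not grant, so the action id
        // that polkit was asked about appears in the system log.
        if (result === "NOT_HANDLED" &&
                action.id.indexOf("org.freedesktop.udisks2.") === 0) {
            polkit.log("udisks2 not granted here: " + action.id +
                       " user=" + subject.user);
        }
        return polkit.Result[result];
    });
}
```

Unlike the unconditional `polkit.Result.YES` in post #5, a storage-group member connected over a remote or inactive session falls through to the default policy here.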

#7 2013-03-10 17:35:28

John0000
Member
Registered: 2012-04-12
Posts: 40

Re: [SOLVED] LUKS file container permissions with thunar

Yes, I'm a member of the storage group.
Your file is similar to what I made since I have the same value 'org.freedesktop.udisks2.filesystem-mount-system'.

Mounting works, unmounting returns an error but still works. The log says:

Mar 10 18:25:47 host udisksd[502]: Mounted /dev/dm-0 at /run/media/user/d61f4798-2ae8-4c3e-9898-9d6a37825534 on behalf of uid 1000
Mar 10 18:25:49 host udisksd[502]: Cleaning up mount point /run/media/user/d61f4798-2ae8-4c3e-9898-9d6a37825534 (device 254:0 is not mounted)
Mar 10 18:25:49 host udisksd[502]: Unmounted /dev/dm-0 on behalf of uid 1000

Offline
