You are not logged in.
Hi,
I'm trying to have permissions with thunar to mount LUKS container (a file, not a device).
I have already installed gvfs, gvfs-afc, gvfs-gphoto2, thunar-volman, and I'm in the storage group. My ~/.xinitrc simply has "exec startxfce4". Any device I plug-in is recognized and mounted without problems.
I know there are tons of topics about permissions, I've looked all the 3 pages of results I had, with no luck.
To create a container I did (ex) :
dd if=/dev/random of=LUKScontainer count=1 bs=50M
sudo cryptsetup -c aes-cbc-essiv:sha256 -s 256 -v luksFormat LUKScontainer
sudo cryptsetup luksOpen LUKScontainer LUKScontainerOpened
sudo mkfs.ext4 /dev/mapper/LUKScontainerOpened
At this point, the container appears in thunar the same way my LUKS hard drives appear, but when I click to mount it, it says "Not authorized to perform operation".
I've looked into polkit, udev...but those seem quite complicated and I'm not sure they are responsible for this permission problem.
Anyone knows what I should look for? Help appreciated.
Last edited by John0000 (2013-03-10 14:33:21)
Offline
I'm really not sure about this, as my experience with LUKS is limited. But I imagine that it is not able to mount something that it cannot decrypt, so what is it you are expecting to happen here? Do you want a dialog to pop up asking you for a key? Do you just want to be able to mount it in general? Have you put the device into your crypttab? Do bears wear shoes?
Offline
You may have no appropriate permission to mount. Try mounting manually as root. If it works you can edit your polkit rules.
Offline
Thx for you answers.
@WonderWoofy
I expect it to do the same as it does with an encrypted device, prompting for a password. As I said in my original post, it is not a device but a file that I try to mount in thunar. External USB hard drives, usb keys, numeric cameras...as well as internal hard drives are mouting without problems.
@siriusb
I can indeed mount it manually as root in a terminal. I'll look into the polkit wiki
Last edited by John0000 (2013-03-10 13:41:50)
Offline
Well I made some progress.
I created the following file /etc/polkit-1/rules.d/10-udisks2.rules :
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system") && subject.isInGroup("storage")) {
return polkit.Result.YES;
}
});
Now I got the following error when I try to unmount the file :
GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation.
I tried the following commands (those with unmount, eject...) :
$ pkaction --verbose org.freedesktop.udisks2 | grep udisks2
org.freedesktop.udisks2.ata-check-power:
org.freedesktop.udisks2.ata-secure-erase:
org.freedesktop.udisks2.ata-smart-selftest:
org.freedesktop.udisks2.ata-smart-simulate:
org.freedesktop.udisks2.ata-smart-update:
org.freedesktop.udisks2.ata-standby:
org.freedesktop.udisks2.ata-standby-other-seat:
org.freedesktop.udisks2.ata-standby-system:
org.freedesktop.udisks2.cancel-job:
org.freedesktop.udisks2.cancel-job-other-user:
org.freedesktop.udisks2.eject-media:
org.freedesktop.udisks2.eject-media-other-seat:
org.freedesktop.udisks2.eject-media-system:
org.freedesktop.udisks2.encrypted-change-passphrase:
org.freedesktop.udisks2.encrypted-change-passphrase-system:
org.freedesktop.udisks2.encrypted-lock-others:
org.freedesktop.udisks2.encrypted-unlock:
org.freedesktop.udisks2.encrypted-unlock-crypttab:
org.freedesktop.udisks2.encrypted-unlock-other-seat:
org.freedesktop.udisks2.encrypted-unlock-system:
org.freedesktop.udisks2.filesystem-fstab:
org.freedesktop.udisks2.filesystem-mount:
org.freedesktop.udisks2.filesystem-mount-other-seat:
org.freedesktop.udisks2.filesystem-mount-system:
org.freedesktop.udisks2.filesystem-unmount-others:
org.freedesktop.udisks2.loop-delete-others:
org.freedesktop.udisks2.loop-modify-others:
org.freedesktop.udisks2.loop-setup:
org.freedesktop.udisks2.manage-swapspace:
org.freedesktop.udisks2.modify-device:
org.freedesktop.udisks2.modify-device-other-seat:
org.freedesktop.udisks2.modify-device-system:
org.freedesktop.udisks2.modify-drive-settings:
org.freedesktop.udisks2.modify-system-configuration:
org.freedesktop.udisks2.open-device:
org.freedesktop.udisks2.open-device-system:
org.freedesktop.udisks2.read-system-configuration-secrets:
org.freedesktop.udisks2.rescan:
but without succes yet.
I'm still marking the subject as resolved since I can mount them on thunar now.
Offline
This may help you:
/etc/polkit-1/localauthority/50-local.d # cat 50-filesystem-mount-system-internal.pkla
[Mount a system-internal device]
Identity=unix-group:storage
Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system
ResultActive=yes
Check whether you are a member of storage group.
Offline
Yes I'm a member of the storage group.
Your file is similar to what I made since I have the same value 'org.freedesktop.udisks2.filesystem-mount-system' .
Mouting works, unmouting returns an error but still works. The log says :
Mar 10 18:25:47 host udisksd[502]: Mounted /dev/dm-0 at /run/media/user/d61f4798-2ae8-4c3e-9898-9d6a37825534 on behalf of uid 1000
Mar 10 18:25:49 host udisksd[502]: Cleaning up mount point /run/media/user/d61f4798-2ae8-4c3e-9898-9d6a37825534 (device 254:0 is not mounted)
Mar 10 18:25:49 host udisksd[502]: Unmounted /dev/dm-0 on behalf of uid 1000
Offline