You are not logged in.

#1 2009-12-15 18:26:49

resi
Member
Registered: 2009-12-15
Posts: 44

GNOME, nautilus, devicekit-disks: mount USB disk

Hi,

I recently upgraded and have now nautlius 2.28.2-1 together with devicekit-disks 009-1 installed.
As usual mounting/unmounting USB disks in nautilus stopped working. I searched the wiki, forums, bugs and google to gather information about this topic, but you know ...

When I try to mount a disk (they all show up in nautilus) nautilus pops up an error declaring me "Not Authorized". After quite some reading I think nautilus now uses devicekit-disks to actually mount my USB disks, so I tried to mount it with devicekit-disks:

 [resi@nomad ~]$ devkit-disks --mount /dev/sdc 
 Mount failed: Not Authorized

In older versions of nautilus I used to edit some files in /etc to grant myself permissions (PolicyKit.conf), but this does not work anymore.

I found a hint and edited /usr/share/polkit-1/actions/org.freedesktop.devicekit.disks.policy (this one is coming with devicekit-disks) and modified the default for the actions org.freedesktop.devicekit.disks.filesystem-mount action:

<allow_any>yes</allow_any>

Having done so I can now mount the USB disks using nautilus, devicekit-disks or palimpsest (suffering from the same "Not Authorized" problem). Unmounting has a little flaw though, it seems like nautilus tries to eject the medium when unmounting, but then again its "Not Authorized" to do so.

However, this is the only solution I could come up with. Since the file I modified will probably be replaced without notice during the next upgrade I fear I will have to go all the way again, not remembering anymore what I did to fix this (otoh, after writing this I probably will).

And since the values in org.freedesktop.devicekit.disks.policy are declared as defaults (and by the fact it lives under /usr) I assume there has to be a site configuration file somewhere in /etc.
Where should I but my customizations? I mean, whats the proper way to do so?

Thanks,
Christoph

P.S.: I like nautilus, it makes me unhappy to use thunar/pmount/whatever to mount my disks.

Offline

#2 2009-12-16 03:42:18

leeyee
Member
From: Kingston, Canada
Registered: 2009-01-07
Posts: 150

Re: GNOME, nautilus, devicekit-disks: mount USB disk

Haven't touch policy files for long. Did you add yourself into the "storage" group? Since in default devicekit-disks should allow users in "storage" group to mount disks automatically.


Archlinux x86_64 on Thinkpad T400
Intel X4500MHD / ATI HD3470 Graphics, 2G RAM, 160G HD

Offline

#3 2009-12-16 05:02:30

djungelmums
Member
From: Sweden
Registered: 2009-09-09
Posts: 36

Re: GNOME, nautilus, devicekit-disks: mount USB disk

This actually worked. Thank you!

Offline

#4 2009-12-16 05:19:44

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,354

Re: GNOME, nautilus, devicekit-disks: mount USB disk

Now this is interesting. Does this mean we don't need HAL anymore?


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#5 2009-12-16 11:48:49

leeyee
Member
From: Kingston, Canada
Registered: 2009-01-07
Posts: 150

Re: GNOME, nautilus, devicekit-disks: mount USB disk

ngoonee wrote:

Now this is interesting. Does this mean we don't need HAL anymore?

The trend is to abandon HAL and leave its work to devicekit-disks/power and udev, but at present HAL is still needed and under code maintenance only. (However, I am not sure which parts of it are still functioning)


Archlinux x86_64 on Thinkpad T400
Intel X4500MHD / ATI HD3470 Graphics, 2G RAM, 160G HD

Offline

#6 2009-12-16 17:47:47

resi
Member
Registered: 2009-12-15
Posts: 44

Re: GNOME, nautilus, devicekit-disks: mount USB disk

leeyee wrote:

Haven't touch policy files for long. Did you add yourself into the "storage" group? Since in default devicekit-disks should allow users in "storage" group to mount disks automatically.

I think the group settings are ok. So there must be something else I miss.

[resi@nomad ~]$ groups
root wheel uucp video audio optical storage nobody users samba

EDIT: To test this I just created a user being member of all groups. Still not authorized ...

Last edited by resi (2009-12-16 18:42:46)

Offline

#7 2009-12-16 21:22:59

resi
Member
Registered: 2009-12-15
Posts: 44

Re: GNOME, nautilus, devicekit-disks: mount USB disk

me again ... this whole *kit stuff seems so odd to me.

I finally read all the devicekit, then the policykit docs, Syu-ed and have now devicekit-disks 009-3 installed.

Using polkit-actions without arguments prints a list of registered actions (known to policykit). This list was pretty short:

[resi@nomad ~]$ polkit-action 
org.freedesktop.policykit.read
org.freedesktop.policykit.revoke
org.freedesktop.policykit.grant
org.freedesktop.policykit.modify-defaults

PolicyKit considers all *.policy files under /usr/share/PolicyKit/policy/, only the policykit package installs its files (well, its one file) there.

devicekit-disks (and probably some other packages providing *.policy files) seems to forget about that. So I added a symlink:

[root@nomad policy]# ln -s /usr/share/polkit-1/actions/org.freedesktop.devicekit.disks.policy /usr/share/PolicyKit/policy/

Thats not enough, the file seems to be out of date. I had to replace all auth_admin_keep defaults with auth_admin_keep_session until the file validated.
And hurray:

[resi@nomad ~]$ polkit-action 
org.freedesktop.policykit.read
org.freedesktop.policykit.revoke
org.freedesktop.policykit.grant
org.freedesktop.policykit.modify-defaults
org.freedesktop.devicekit.disks.filesystem-mount
org.freedesktop.devicekit.disks.filesystem-mount-system-internal
org.freedesktop.devicekit.disks.filesystem-check
org.freedesktop.devicekit.disks.filesystem-check-system-internal
org.freedesktop.devicekit.disks.filesystem-unmount-others
org.freedesktop.devicekit.disks.filesystem-lsof
org.freedesktop.devicekit.disks.filesystem-lsof-system-internal
org.freedesktop.devicekit.disks.drive-eject
org.freedesktop.devicekit.disks.drive-detach
org.freedesktop.devicekit.disks.change
org.freedesktop.devicekit.disks.change-system-internal
org.freedesktop.devicekit.disks.drive-ata-smart-refresh
org.freedesktop.devicekit.disks.drive-ata-smart-selftest
org.freedesktop.devicekit.disks.drive-ata-smart-retrieve-historical-data
org.freedesktop.devicekit.disks.luks-unlock
org.freedesktop.devicekit.disks.luks-lock-others
org.freedesktop.devicekit.disks.linux-md
org.freedesktop.devicekit.disks.cancel-job-others
org.freedesktop.devicekit.disks.inhibit-polling
org.freedesktop.devicekit.disks.drive-set-spindown

polkit-auth shows my authorizations, thus:

[resi@nomad ~]$ polkit-auth | grep mount
org.freedesktop.devicekit.disks.filesystem-mount
org.freedesktop.devicekit.disks.filesystem-mount-system-internal
org.freedesktop.devicekit.disks.filesystem-unmount-others

It seems to me that I am authorized for all actions listed above, I guess thats because this user is in both the wheel and root groups.

However, when I try to actually mount something nothing has changed.

[resi@nomad ~]$ devkit-disks --mount /dev/sdc
Mount failed: Not Authorized

Since policykit is now properly configured I can use polkit-action or polkit-gnome-authorization to modify the default values in the way polkit expects me to (not tampering with with the *.policy files).

[resi@nomad ~]$ polkit-action --action org.freedesktop.devicekit.disks.filesystem-mount
action_id:        org.freedesktop.devicekit.disks.filesystem-mount
description:      Mount a device
message:          Authentication is required to mount the device
default_any:      yes (factory default: no)
default_inactive: yes (factory default: no)
default_active:   yes

But even now mounting fails because I'm not authorized.

Back to the start, if I change the factory defaults in org.freedesktop.devicekit.disks.policy mounting succeeds.

I think there might be 2 bugs involved here:
1.) missing links to policy files in /usr/share/PolicyKit/policy/
2.) policykit fails to consider overrides for factory defaults

What do you think?

Offline

#8 2009-12-17 02:04:28

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: GNOME, nautilus, devicekit-disks: mount USB disk

resi wrote:

Using polkit-actions without arguments prints a list of registered actions (known to policykit). This list was pretty short:

[resi@nomad ~]$ polkit-action 
org.freedesktop.policykit.read
org.freedesktop.policykit.revoke
org.freedesktop.policykit.grant
org.freedesktop.policykit.modify-defaults

I have that too, but automounting works. The reason is that there are 2 policykit versions atm, PolicyKit and policykit-1. PolicyKit is being phased out. Try doing pkaction and you should see a much much longer list. If I were you I'd stop messing around with policykit, revert all the changes you've made and reinstall both of them. Then maybe automounting will work. Personally I've never had to configure anything at all and automounting just works.


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

#9 2009-12-17 02:15:35

leeyee
Member
From: Kingston, Canada
Registered: 2009-01-07
Posts: 150

Re: GNOME, nautilus, devicekit-disks: mount USB disk

PirateJonno wrote:

I have that too, but automounting works. The reason is that there are 2 policykit versions atm, PolicyKit and policykit-1. PolicyKit is being phased out. Try doing pkaction and you should see a much much longer list. If I were you I'd stop messing around with policykit, revert all the changes you've made and reinstall both of them. Then maybe automounting will work. Personally I've never had to configure anything at all and automounting just works.

What is the exact difference between PolicyKit and PolKit? The descriptions of the two packages are the same, I got quite confused with this.

I don't recommend to edit policies manually either, since all these files may be overwritten during upgrades.


Archlinux x86_64 on Thinkpad T400
Intel X4500MHD / ATI HD3470 Graphics, 2G RAM, 160G HD

Offline

#10 2009-12-17 02:24:46

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: GNOME, nautilus, devicekit-disks: mount USB disk

polkit is a newer version of policykit that isn't api compatible with the old one, but some programs haven't been rewritten to use it yet so both of them are installed, under different names so they don't conflict. the old policykit will eventually go away though. and yeah, in general try not to edit anything under /usr


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

#11 2009-12-17 09:45:54

resi
Member
Registered: 2009-12-15
Posts: 44

Re: GNOME, nautilus, devicekit-disks: mount USB disk

PirateJonno wrote:

I have that too, but automounting works. The reason is that there are 2 policykit versions atm, PolicyKit and policykit-1. PolicyKit is being phased out. Try doing pkaction and you should see a much much longer list. If I were you I'd stop messing around with policykit, revert all the changes you've made and reinstall both of them. Then maybe automounting will work. Personally I've never had to configure anything at all and automounting just works.

Ahhh, I didn't know about the 2 versions.
Of course I don't like messing around in /usr, so I removed the policykit stuff and reinstalled polkit.

I'm still not authorized to mount anything, but at least pkcheck confirms this ;-).

[resi@nomad ~]$ pkcheck --action-id org.freedesktop.devicekit.disks.filesystem-mount --process $BASHPID
Not authorized.

I need to learn how to configure polkit configuration now.

Offline

#12 2009-12-17 09:56:36

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: GNOME, nautilus, devicekit-disks: mount USB disk

resi wrote:

Of course I don't like messing around in /usr, so I removed the policykit stuff and reinstalled polkit.

Ok, good. I think you can put stuff under /etc/polkit-1 and it overrides the stuff in /usr/share but I'm not sure tbh.

resi wrote:

I'm still not authorized to mount anything, but at least pkcheck confirms this ;-).

[resi@nomad ~]$ pkcheck --action-id org.freedesktop.devicekit.disks.filesystem-mount --process $BASHPID
Not authorized.

I need to learn how to configure polkit configuration now.

ok yeah i tried that and i am authorized. my /usr/share/polkit-1/actions/org.freedesktop.devicekit.disks.policy shows this:

<action id="org.freedesktop.devicekit.disks.filesystem-mount">
    <description>Mount a device</description>
    <description xml:lang="da">Montér en enhed</description>
    <message>Authentication is required to mount the device</message>
    <message xml:lang="da">Autorisering er påkrævet for at montere et fil system</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

I might poke around for a bit and see what that stuff means

Edit: ok, looks like /etc/polkit-1 is completely unrelated. However, a workaround to your original problem would be to change allow_any to "yes" for the following actions:

org.freedesktop.devicekit.disks.filesystem-mount
org.freedesktop.devicekit.disks.filesystem-unmount-others
org.freedesktop.devicekit.disks.drive-eject
org.freedesktop.devicekit.disks.drive-detach

you should probably play around and bit and change as few of those as possible. then add this (the missing / is intentional) to /etc/pacman.conf:

NoUpgrade = usr/share/polkit-1/actions/org.freedesktop.devicekit.disks.policy

Edit 2: but before you do that, try this (the output is there for comparison, see if you have active = TRUE and is-local = TRUE):

$ ck-list-sessions
Session2:
    unix-user = '1000'
    realname = 'Pirate Jonno'
    seat = 'Seat1'
    session-type = ''
    active = TRUE
    x11-display = ':0'
    x11-display-device = '/dev/tty7'
    display-device = ''
    remote-host-name = ''
    is-local = TRUE
    on-since = '2009-12-17T00:41:14.708048Z'
    login-session-id = '4294967295'

Last edited by PirateJonno (2009-12-17 10:32:52)


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

#13 2009-12-17 10:39:28

leeyee
Member
From: Kingston, Canada
Registered: 2009-01-07
Posts: 150

Re: GNOME, nautilus, devicekit-disks: mount USB disk

How did you log into your desktop? I am wondering if it's something related to the ConsoleKit? This authentication problem is really annoying, since we are almost automatically granted these permissions in default.

Hope this helps: https://bugs.launchpad.net/ubuntu/+sour … bug/478274


Archlinux x86_64 on Thinkpad T400
Intel X4500MHD / ATI HD3470 Graphics, 2G RAM, 160G HD

Offline

#14 2009-12-17 10:40:45

resi
Member
Registered: 2009-12-15
Posts: 44

Re: GNOME, nautilus, devicekit-disks: mount USB disk

Thanks PirateJonno, I appreciate your help there.

My policy file looks the same.
Only if I change <allow_any> to "yes" I get authorization.

I'm still a bit unsure about the meaning of <allow_any>, <allow_inactive> and <allow_active>, but I'm aware these relate to sessions directly on the host or remote logins.
Most of the time I'm using ssh or vnc, so that might be the reason I need to set <allow_any>.

However, now that I feel so close to a solution I'd prefer to not change the policy file but use some local configuration overrides. I just don't have enough time right now to play around with this, got to do similar but still completly unrelated work ;-)

Offline

#15 2009-12-17 10:48:35

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: GNOME, nautilus, devicekit-disks: mount USB disk

No problem. I too have similar but unrelated work, this is my way of procrastinating about it tongue. Well anyway, i think allow_any just means anyone is allowed to do it without authorization, whereas allow_(in)active seems to relate to consolekit sessions but im not 100% sure yet (see leeyee's post). in one of the man pages i read it said something about an active session being one thats on a display, whereas inactive is on a different tty or has been fast-user-switched out of or something. anyway i think the ck-list-sessions output would be helpful


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

#16 2009-12-17 10:58:53

resi
Member
Registered: 2009-12-15
Posts: 44

Re: GNOME, nautilus, devicekit-disks: mount USB disk

After reading leeyees post I tried again with ck sessions. I almost forgot about that in my ssh logins. So here we go:

[resi@nomad ~]$ ck-launch-session 
[resi@nomad ~]$ ck-list-sessions 
Session7:
        unix-user = '1000'
        realname = 'Christoph Rissner'
        seat = 'Seat1'
        session-type = ''
        active = FALSE
        x11-display = ''
        x11-display-device = ''
        display-device = '/dev/pts/0'
        remote-host-name = ''
        is-local = TRUE
        on-since = '2009-12-17T11:12:37.181697Z'
        login-session-id = '4294967295'

/dev/pts/0 is the correct terminal, but now I see that the session is marked inactive. A quick pkcheck confirms this, I can now leave allow_any = no but only need allow_inactive.

How do I activate a console kit session? I assumed ck-lauch-session in an interactive shell would be enough, but thats obviously not true.

So everything seems to be fine, I just was awfully misguided on my way.

Offline

#17 2009-12-17 11:04:35

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: GNOME, nautilus, devicekit-disks: mount USB disk

resi wrote:
active = FALSE

yup, thought so. no idea how you activate a session but i'd suggest you read the launchpad link, seems like people there had your exact problem. also check daemon.log for consolekit messages.
P.S. was that the only session listed? because gdm should create one automatically
Edit: oh wait you're in ssh? well its probably a good idea to test it locally when you have the time

Last edited by PirateJonno (2009-12-17 11:07:01)


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

#18 2009-12-17 11:48:11

resi
Member
Registered: 2009-12-15
Posts: 44

Re: GNOME, nautilus, devicekit-disks: mount USB disk

There were actually 2 sessions, the ssh and another one running in Xvnc (using ck-launch-session .... to start my WM). Both are marked inactive.

After reading --debug info from console-kit-daemon I found this one:

Dec 17 12:40:05 nomad console-kit-daemon[14664]: DEBUG: Debugging enabled
Dec 17 12:40:05 nomad console-kit-daemon[14664]: WARNING: Failed to acquire org.freedesktop.ConsoleKit
Dec 17 12:40:05 nomad console-kit-daemon[14664]: WARNING: Could not acquire name; bailing out

(which reminds my to fix my ntp lookup).
leading me there:
http://www.linux-archive.org/ubuntu-use … n-log.html

Somebody mentions consolekit still depends on policykit, so I reinstalled it and console-kit-daemon starts up without warnings.

The session is still marked inactive, maybe thats due to the ssh login. Also the vnc session is inactive.
I will try this from a local console when I'm at home, also using the display manager login (I use entrance).

Thanks for helping me so far, I feel even closer to a solution than ever :-)

Offline

#19 2009-12-17 13:47:56

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: GNOME, nautilus, devicekit-disks: mount USB disk

oh ok, i have no idea how consolekit works from ssh or xvnc so better do local just in case yeah. good idea to reinstall policykit
haha ok, sorry i just assumed you were using gdm since it had gnome in the title. in that case it may be an issue with entrance (no idea why though). anyway im off to bed now


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

#20 2009-12-18 07:28:35

resi
Member
Registered: 2009-12-15
Posts: 44

Re: GNOME, nautilus, devicekit-disks: mount USB disk

Yesterday evening I tried this stuff on a local console and using gdm to login. Guess what, it just worked.
So after all, I learned a lot about console-, pol(icy)- and devicekit. Although I was sceptic about the yet-another-permission-managment-stuff when I first read about it, I now think this will turn out really nice.

What remains for me is to learn about consolekit settings.
- Whats the special thing gdm does and entrance doesn't?
- How do I activate sessions in ssh/vnc? Why are these session inactive and local (instead of active and remote, if the difference matters)?
- Ad vnc: Can I fire up my favorite WM (e17 for what its worth) and make the ck session active? Or do I need a gnome-session?
- How can I grant (specific) actions to some users/groups?

I don't know yet when I will have time again to further play with this, but I will post my findings then.
Thanks a lot for helping me there.

Offline

#21 2009-12-18 10:31:26

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: GNOME, nautilus, devicekit-disks: mount USB disk

oh ok, thats good to know. i second the *kit stuff, its a nice solution, just needs some ironing out really.

not too sure what entrance isn't doing but ill have a look at the consolekit source to see what active means. been meaning to patch it so my system wont shut down when mythtv is running, anyway.

to grant specific actions to users/groups check out 'man pklocalauthority'


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

#22 2009-12-18 10:52:21

resi
Member
Registered: 2009-12-15
Posts: 44

Re: GNOME, nautilus, devicekit-disks: mount USB disk

PirateJonno wrote:

to grant specific actions to users/groups check out 'man pklocalauthority'

Well I did that, but I will do again since it didn't work out in the first attempt :-)

Offline

#23 2009-12-18 10:57:21

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: GNOME, nautilus, devicekit-disks: mount USB disk

well i haven't actually tried it, but give it a go anyway i guess. anyway i think i just found a bug in the consolekit code where the "idle-hint" property is listed as "active". maybe that is getting set to false somehow and it rolls over? ill just report this then keep looking

edit: ok so i found in this file: http://cgit.freedesktop.org/ConsoleKit/ … /ck-seat.c a command that may let you activate your session anywhere (on line 276):

dbus-send --system --dest=org.freedesktop.ConsoleKit --type=method_call --print-reply --reply-timeout=2000 /org/freedesktop/ConsoleKit/Seat1 org.freedesktop.ConsoleKit.Seat.ActivateSession objpath:/org/freedesktop/ConsoleKit/Session2

Last edited by PirateJonno (2009-12-18 11:19:00)


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

#24 2009-12-18 13:03:15

resi
Member
Registered: 2009-12-15
Posts: 44

Re: GNOME, nautilus, devicekit-disks: mount USB disk

Good idea, but its not working:

Session5:
        unix-user = '1000'
        realname = 'Christoph Rissner'
        seat = 'Seat1'
        session-type = ''
        active = FALSE
        x11-display = ''
        x11-display-device = ''
        display-device = '/dev/pts/0'
        remote-host-name = ''
        is-local = TRUE
        on-since = '2009-12-18T12:59:42.342058Z'
        login-session-id = '4294967295'
[resi@nomad ~]$ tty
/dev/pts/0
[resi@nomad ~]$ dbus-send --system --dest=org.freedesktop.ConsoleKit --type=method_call --print-reply --reply-timeout=2000 /org/freedesktop/ConsoleKit/Seat1 org.freedesktop.ConsoleKit.Seat.ActivateSession objpath:/org/freedesktop/ConsoleKit/Session5
Error org.freedesktop.DBus.GLib.UnmappedError.CkSeatError.Code0: Unable to activate session

Offline

#25 2009-12-18 13:04:36

PirateJonno
Forum Fellow
From: New Zealand
Registered: 2009-04-13
Posts: 372

Re: GNOME, nautilus, devicekit-disks: mount USB disk

maybe try it as root? anyway its a pretty ugly command, there must be a way to get it active in the first place...


"You can watch for your administrator to install the latest kernel with watch uname -r" - From the watch man page

Offline

Board footer

Powered by FluxBB