sebastien bacher wrote:
> could you run "polkit-auth --show-obtainable" and "ck-list-sessions"
and copy the logs to the bug?
ok, i ran it with the default /etc/PolicyKit/PolicyKit.conf file...
[....header comments.....]
<!-- See the manual page PolicyKit.conf(5) for file format -->
<config version="0.1">
<match user="root">
<return result="yes"/>
</match>
</config>
$ polkit-auth --show-obtainable
org.gnome.clockapplet.mechanism.settimezone
org.freedesktop.policykit.read
org.freedesktop.policykit.revoke
org.freedesktop.hal.power-management.shutdown-multiple-sessions
org.freedesktop.hal.power-management.reboot-multiple-sessions
org.freedesktop.hal.storage.mount-fixed
org.freedesktop.hal.storage.unmount-others
org.freedesktop.hal.storage.crypto-setup-fixed
$ ck-list-sessions
Session1:
uid = '1000'
realname = 'Rishab Aiyer Ghosh,,,'
seat = 'Seat1'
session-type = ''
active = TRUE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2008-06-08T22:27:08Z'
i did this after i'd tried to enable various things from polkit-gnome-
authorization, by explicitly granting my user rights. i had to run
polkit-gnome-authorization using sudo, or i couldn't change anything at
all... not that anything _should_ have required changing, since most
things, including time change, manage system configuration, were already
set to implicit authorization for admin authentication. "mount file
systems from removable devices" was also already set to implicit Yes for
the active console without requiring authentication. anyway, adding
myself explicitly to the authorize list made no difference. note that it
says hal mount-fixed is obtainable not mount-removable, which is
presumably already allowed.
if i try to change /etc/PolicyKit/PolicyKit.conf to explicitly authorize me
(user rishab) and also the hal mount-removable:
<!-- See the manual page PolicyKit.conf(5) for file format -->
<config version="0.1">
<match user="root|rishab">
<return result="yes"/>
</match>
<define_admin_auth group="admin"/>
<match action="org.freedesktop.hal.storage.mount-removable">
<return result="yes"/>
</match>
</config>
now, "polkit-auth --show-obtainable" does nothing, presumably because
everything is allowed.
i can now edit the wifi configuration, set date etc with no
authentication, which is not really a safe situation. so i'll probably
go back to the previous PolicyKit.conf, especially since even with this
change hal still doesn't auto-mount (the drives show up in dmesg fine).
i also saw somewhere (not sure where, this polkit/hal problem seems to have
been going on many threads) a suggestion to add to hal.conf:
<policy group="plugdev">
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
</policy>
i couldn't see the point of it since the hal.conf default context
already allows these actions, but added it anyway, to no effect.
--
'Unlock' button in admin utilities greyed out
https://bugs.launchpad.net/bugs/231246
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
