[arch-general] My D-Bus/Hal/PolicyKit Fix - Useful for Admin Users
Listmates, Since I continually fight d-bus and hal on hotplugging issues, I thought I would pass along the fix that worked for me. Since this is a full access fix, I decided it shouldn't be posted to the wiki. Let me know if you think differently or feel free to post it yourself. Here is what worked for me for hotplugging usb drives, etc... Granting Full Access to a Single User: To grant access to a single user (say yourself maybe), modify the following 2 files as follows. For example purposes, I am granting myself username "david" complete access to all d-bus/hal devices: /etc/dbus-1/system.d/hal.conf: <policy user="david"> <allow own="org.freedesktop.Hal"/> </policy> /etc/PolicyKit/PolicyKit.conf: <config version="0.1"> <match user="david"> <return result="yes"/> </match> </config> Works fine here. Let me know if you see any real gotchas about this approach. Thanks. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
In my very limited understanding of HAL+PolicyKit, I'd say that yeah, this'll work great as long as you don't mind the slight hit in security. Personally, I wouldn't. Thanks for the info! -AT
Isn't your approach similar to http://wiki.archlinux.org/index.php/HAL#Permission_Denied ? Or am I totally wrong? -- Vinzenz Vietzke www.archmirror.de
On or about Tuesday 02 June 2009 at approximately 16:12:17 Vinzenz Vietzke composed:
Isn't your approach similar to http://wiki.archlinux.org/index.php/HAL#Permission_Denied ? Or am I totally wrong?
No, you are right! That's what I read through before throwing 90% of the specific stuff mentioned there out the window in favor of the brute force approach. The problem with the solutions on the page is they appear to be shooting at the moving target of the kernel/d-bus/hal/policykit "standard setup". Wading in a bit you soon realize you can set up an infinite (almost) set of policies by applying different pieces of the policy at different levels of the scheme. Some can be applied at the hal level others at the policy kit level, etc. I picked apart the suse scheme looking at their solution and there just wasn't a "standard" setup. You can accomplish the same thing 5 different ways when you add user and group memberships, the deny/allow configurations and on and on. For a single user machine (my laptop in my case), I just want things to work when I plug them in. I want drives automounted and I want removables recognized. I don't care for the elaborate multiuser policies that may apply and be useful, in what? -- 5% of all installs. So you are not totally wrong, I did make good use of the wiki, then politely threw 90% of it out ;-) -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
participants (3)
-
Andrei Thorp
-
David C. Rankin, J.D.,P.E.
-
Vinzenz Vietzke