[arch-general] hal has lost its mind again.

David C. Rankin, J.D.,P.E. drankinatty at suddenlinkmail.com
Mon May 18 13:04:20 EDT 2009


On or about Monday 18 May 2009 at approximately 09:48:00 David Rosenstrauch 
composed:
> David C. Rankin, J.D.,P.E. wrote:
> > On or about Sunday 17 May 2009 at approximately 03:51:10 David C. Rankin,
> >
> >> 	Another interesting note. When I inserted the card, there was no entry
> >> created in /media. Now 10 minutes later after I have been copying the
> >> photos, etc., the mount of /dev/mmcblk0p1 has *appeared* mounted on
> >> /media/disk? Huh?
> >>
> >> 	I can't tell you when it appeared, but I can tell you that for at least
> >> 4-5 minutes. So why the initial error and why the magical appearance
> >> after the error telling me it wasn't going to be mounted? What to check
> >> for more info?
> >
> > Here is the deal,
> >
> > 	When I stick the card in, as my normal user I can't access the device
> > shown under "Services" "Storage Media" and there is no "disk" entry in
> > /media.
> >
> > 	If I start konqueror running as root and then access "Services" "Storage
> > Media" and the SD card (/dev/mmcblk0p1 in this case), Presto the device
> > automatically appears as "disk" under /media and then I *can* access it
> > (rw) as my normal user. What gives? What permissions are stuck?
>
> Short answer:
>
> Use this for your /etc/PolicyKit/PolicyKit.conf:
>
> <?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
>
> <!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration
> 1.0//EN"
> "http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
>
> <!-- See the manual page PolicyKit.conf(5) for file format -->
>
> <config version="0.1">
> <!--
>          <define_admin_auth group="wheel"/>
> -->
>          <match action="org.freedesktop.hal.storage.mount-removable">
>                  <return result="yes"/>
>          </match>
> <!--
>          <match action="org.freedesktop.hal.storage.eject-removable">
>                  <return result="yes"/>
>          </match>
> -->
> </config>
>
>
> Long answer:
>
> See:  http://bbs.archlinux.org/viewtopic.php?pid=542472
>
>
> I have to say, I'm not very fond of this new console-kit/policy-kit
> stuff being the default in hal now.  I far prefer the simplicity of
> standard unix groups and permissions.
>
> DR

DR, thanks!

    I guess I'll like Policy Kit once I make friends with it, but it sure was 
a whole lot easier just issuing the 'mount /dev/whatever /media/whatever' 
command. It looks like I just didn't have enough in PolicyKit.conf. I had the 
following:

<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->

<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 
1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">

<!-- See the manual page PolicyKit.conf(5) for file format -->

<config version="0.1">

        <define_admin_auth group="wheel"/>

        <match action="org.freedesktop.hal.storage.mount-removable">
                <match group="users">
                        <return result="yes"/>
                </match>
        </match>

        <match user="david">
                <return result="yes"/>
        </match>

        <match user="david">
        <!-- replace with your login or delete the line if you want to allow 
all users to manipulate devices (keep security issues in mind though) -->
                <match action="org.freedesktop.hal.storage.*">
                        <return result="yes"/>
                </match>
                <match action="hal-storage-mount-fixed-extra-options">
                <!-- for internal devices mounted with extra options like a 
wished mount point -->
                        <return result="yes" />
                </match>
                <match action="hal-storage-mount-removable-extra-options">
                <!-- for external devices mounted with extra options like a 
wished mount point -->
                        <return result="yes" />
                </match>
        </match> <!-- don't forget to delete this line if you deleted the 
first one -->


</config>


Why in the heck the following wasn't good enough escapes me at present:

        <define_admin_auth group="wheel"/>

        <match user="david">
                <return result="yes"/>
        </match>

That's says let *me* do anything with anything (twice I might add). I guess in 
addition to giving yourself global authorization you also have to give 
yourself specific authorization as well.

Also, why do you have .eject-removable commented out?

-- 
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com


More information about the arch-general mailing list