[arch-general] netcfg wlan connection renewal

Tom Gundersen teg at jklm.no
Thu Sep 29 05:51:53 EDT 2011


On Thu, Sep 29, 2011 at 10:25 AM, Fons Adriaensen <fons at linuxaudio.org> wrote:
> Yet some Gnome/KDE desktop apps are able to mount even when
> running for a normal user, when PK agrees (which in my eyes
> is a subversion of a policy set by the sysadmin). How do they
> do this if neither 'mount' nor the syscalls used by it take
> any notice of PK (thank $GOD for that) ?
>
> The only way I can imagine ATM is that such environments have
> a collection of small suid programs or daemons (all talking
> to PK) that do the work, and that PK is there to allow these
> to be separate from the main apps which require the service.

What you are seeing is udisks [0]. The policy that is implemented, if
I understand correctly, is that udisks allows a user who is physically
at the machine to mount the usb drive, but not remote users.

This makes sense for two reasons:

* A user who is physically present could just grab the usb stick and
insert it in a laptop where he/she has whatever permissions necessary
to do whatever they want, so no security is lost.
* Furthermore, you probably don't want to have to ask the admin to set up
a new entry in fstab for every usb drive that is plugged into your
machine.

If you don't like the way this works you could override the policy
(look for udisks PK files) or you could just disable / uninstall
udisks.

Cheers,

Tom

[0]: <http://www.freedesktop.org/wiki/Software/udisks>
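
An added example, not part of the original message or of udisks: a small audit of the implicit defaults in a polkit `.policy` file, showing how "active local session" is treated separately from any other session. The sample XML is constructed for illustration (action ids modelled on udisks, to be checked against the installed file), and treating a missing scope as `no` is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the polkit .policy format. On a real system, read the
# files under /usr/share/polkit-1/actions/ instead (typical path, an assumption).
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.udisks.filesystem-mount">
    <defaults><allow_any>no</allow_any><allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active></defaults>
  </action>
  <action id="org.freedesktop.udisks.filesystem-mount-system-internal">
    <defaults><allow_any>no</allow_any><allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active></defaults>
  </action>
</policyconfig>"""

SCOPES = ("allow_any", "allow_inactive", "allow_active")

def parse_defaults(xml_text):
    """Return {action_id: {scope: result}}; a missing scope is assumed 'no'."""
    out = {}
    for action in ET.fromstring(xml_text).iter("action"):
        defaults = action.find("defaults")
        out[action.get("id")] = {
            s: (defaults.findtext(s, "no") if defaults is not None else "no").strip()
            for s in SCOPES
        }
    return out

def unauthenticated_grants(policy):
    """List (action_id, scope) pairs that are granted with no password prompt."""
    return sorted((a, s) for a, d in policy.items() for s, v in d.items() if v == "yes")

def remote_exposed(policy):
    """Actions a remote or inactive session may run without authenticating."""
    return sorted({a for a, s in unauthenticated_grants(policy) if s != "allow_active"})

if __name__ == "__main__":
    policy = parse_defaults(SAMPLE_POLICY)
    for action, scope in unauthenticated_grants(policy):
        print(f"{action}: {scope}=yes")
    print("exposed to remote/inactive sessions:", remote_exposed(policy) or "none")
```

An empty result from `remote_exposed` matches the policy described in the message: only a user in an active local session gets the mount without authentication.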

