[arch-general] netcfg wlan connection renewal

Philipp Überbacher hollunder at lavabit.com
Thu Sep 29 06:54:51 EDT 2011

Excerpts from Fons Adriaensen's message of 2011-09-29 12:36:30 +0200:
> On Thu, Sep 29, 2011 at 11:51:53AM +0200, Tom Gundersen wrote:
> > What you are seeing is udisks [0]. The policy that is implemented, if
> > I understand correctly, is that udisks allows a user who is physically
> > at the machine to mount the usb drive, but not remote users.
> > 
> > This makes sense for two reasons:
> > 
> > * A user who is physically present could just grab the usb stick and
> > insert it in a laptop where he/she has whatever permissions necessary
> > to do whatever they want, so no security is lost.
> This makes no sense.  I don't mind if they use their own sticks
> on their own laptop. I do if they use it one this particular
> machine.
> > * Furthermore, you probably don't want have to ask the admin to set up
> > a new entry in fstab for every usb drive that is plugged into your
> > machine.
> Not necessary. Priveleges to do certain things are given
> per user or to groups, it's done when a user's account is
> set up and that's it. Sudo can handle this nicely. The fstab
> entries for my own usb disks are there mainly because they
> have dedicated mount points.
> The last thing I want as an admin is a 'parallel administration'
> such as polkit, in particular if it can grant priveleges just
> by adding some files to a directory. That's very convenient for
> package managers etc. but it surely does not enhance security. 
> > If you don't like the way this works you could override the policy
> > (look for udisks PK files) or you could just disable / uninstalll
> > udisks.
> Don't worry, there's no udisks on any machine I control. Nor Gnome
> or KDE for that matter. 
> I do have polkit though, for just one reason: emacs -> gconf -> polkit.
> So as my vim skills improve I'll probably get rid of emacs and gconf
> some time.
> Ciao,

As a somewhat hackish workaround there's the gconf-no-polkit package in
AUR: https://aur.archlinux.org/packages.php?ID=41983
Works well enough for me. I also need gconf for a single package only.

More information about the arch-general mailing list